When testing your application, we use a wide range of testing methodologies and utilities.
We start by deploying web security scanners. This tool efficiently covers certain test points and provides us with an overall impression of the application.Interactive
We manually examine the application for vulnerabilities and further map the functionality. Based on application knowledge, probability of vulnerability and impact, we select test points for further investigation.
Functionality with a high risk profile we check for security problems by analyzing the code. For this we use static code analysis: we check your program code manually and with tooling. For potential vulnerabilities, we verify whether they can actually be exploited.
We map all services with a comprehensive port scan and determine software and version information. In the process, we check whether firewalls can be bypassed. We also search public sources for sensitive information.
We subject the server to an automated scan. This involves deploying a vulnerability scanner that tests for a large number of potential vulnerabilities. We review and verify all findings.
The HTTPS protocol encrypts traffic between browsers and servers via SSL/TLS and is crucial for communication security. Therefore, we check it extensively.