When testing your application, we use a wide range of testing methodologies and utilities.
Automated tests
We start by deploying web security scanners. This tool efficiently covers certain test points and provides us with an overall impression of the application.Interactive
Interactive tests
We manually examine the application for vulnerabilities and further map the functionality. Based on application knowledge, probability of vulnerability and impact, we select test points for further investigation.
Code reviews
Functionality with a high risk profile we check for security problems by analyzing the code. For this we use static code analysis: we check your program code manually and with tooling. For potential vulnerabilities, we verify whether they can actually be exploited.
Port scans
We map all services with a comprehensive port scan and determine software and version information. In the process, we check whether firewalls can be bypassed. We also search public sources for sensitive information.
Security scans
We subject the server to an automated scan. This involves deploying a vulnerability scanner that tests for a large number of potential vulnerabilities. We review and verify all findings.
SSL/TLS reviews
The HTTPS protocol encrypts traffic between browsers and servers via SSL/TLS and is crucial for communication security. Therefore, we check it extensively.
