When testing your application, we use an extensive range of test methods and tools.

We examine your web application with:

Automated tests
We begin the assessment with the deployment of web security scanners. These tools efficiently cover certain test points and provide a global impression of the application.

Interactive tests
We manually examine the application in search of vulnerabilities and further map out its functionality. We select test points for further research on the basis of application knowledge, likelihood of vulnerability and impact.

Code reviews
We check functionality with a high risk for security vulnerabilities by analyzing the code. For this we use static code analysis: we check your program code manually and with tooling. For potential vulnerabilities, we verify whether they can actually be exploited.

We assess the hosting platform with:

Port scans
We enumerate all services with an extensive port scan and determine software and version information. We check whether firewalls can be circumvented. In addition, we search public sources for sensitive information.

Security scans
We subject the server to an automated scan, using a vulnerability scanner that tests for a large number of potential vulnerabilities. We review and verify all findings.

SSL/TLS review
The HTTPS protocol encrypts traffic between browsers and servers via SSL/TLS and is crucial for communication security. That is why we check this thoroughly.