During an AppTest engagement, Obrela Security Industries expert personnel launch controlled technical and logical attack simulations against the application in scope in order to identify vulnerabilities and demonstrate their business impact.
This type of assessment may include all kinds of penetration testing and source code review approaches on almost any IT application, from web applications to mobile and unattended terminal applications (POS, web check-in stations, info kiosks, etc.). An indicative list of application categories may be found below.
- Web Applications
- Web Services
- Mobile Applications
- Thin/Thick Clients
- Unattended Terminal Applications
Penetration testing can be conducted in several ways. The most common variables are:
The amount of knowledge of the implementation details of the system being tested:
- “Blackbox” testing assumes no prior knowledge of the application to be tested.
- At the other end of the spectrum, source code review requires complete knowledge of the application design, source code and technologies.
The level of authorization on the application in scope:
- From no authorization, e.g. unauthenticated application visitor
- To full authorization, e.g. application administrative access
Obrela Security Industries Proprietary Penetration Testing Methodology, which combines CREST guidelines and OWASP methodology, is a systematic, risk-based approach in which risk is a function of the severity of consequences of an undesired event, the likelihood of adversary attack, and the likelihood of adversary success in causing the undesired event.
Detailed and tailored recommendations are also developed for measures to eliminate or reduce the identified risks. Although adversary characteristics are generally outside their control, clients can take steps to make themselves a less attractive target and reduce the likelihood of attack on their information assets.
| Target Knowledge | Zero | Limited | Full access to Source Code |