Web & API Application Security Test
Identify Vulnerabilities in Web & API Application and its Resilience to Cyber Attacks
IT Minister delivers an independent security test of a web & API application.
Our in-depth technical tests will uncover vulnerabilities in the application & API, assess their impact and provide detailed recommendations on remediation.
Method
Our methodology is based upon our extensive experience within security testing of web applications and is further supported by the OWASP framework and NIST guidelines for security testing. The methodology is specifically made for web application testing and covers areas such as:
- Information Exposure
- Configuration and Deployment Management
- Identity Management
- Broken Object Level Authorization
- Broken Function Level Authorizatio
- API Injection
- Improper Assets Management
- Authentication Mechanisms
- Authorization Mechanisms
- Session Management
- Input Validation
- Error Handling
- Cryptography
- Business Logic
- Client-Side Attack Vectors
The test is performed as a combination of creative manual test actions and automated scans.
Involvement:
- The delivery requires minimal involvement of your technical staff.
Value:
- Identify vulnerabilities in a web application and its resilience to cyber attacks
- Determine if the web application is developed in accordance with best practices
- Recommendations on how to strengthen the level of security and how hardening of the web application can be applied
Product - Written Report Analysis Containing the Following:
- A non-technical section with an Executive Summary for management and decision makers
- A technical section including detailed observations and tangible recommendations to improve the security level and hardening of the web application
See some our sample findings for Azure from previous Assessment. 
Get in touch to learn more in detail about how we can support your cyber requirements.