Security assessment     Web application penetration testing

Web application



Web applications are often the most vulnerable part of an information system. At the same time, due to their exposure on the Internet, they are usually the first target in an attack.


As more organizations perform their business on the web, web applications are becoming their critical assets. Due to increasing complexity, those applications require more effort and dedicated, professional testing to be secure.
Due to high customer demand, Griffinix offers special penetration tests tailored specifically for Web applications. The objective of such a specialized penetration test is to reveal potential vulnerabilities or security flaws in a controlled manner.
The extent of the web application penetration test and the testing methodology are adjusted to the tested application and technologies used. All results are manually examined to ensure the highest possible quality and eliminate false positives.
Griffinix's experts use publicly available and proprietary, in-house built, specialized tools for web application testing. Applications are tested for known and unknown vulnerabilities, including but not limited to:
  • SQL injection
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery
  • File inclusion
  • Command execution
  • Code injection
  • Input parameters manipulation
  • Session management vulnerabilities
  • Error handling etc.
Client's web applications are thoroughly assessed through Griffinix's web application penetration testing programme to decrease and eliminate the chances for a successful web site attack. The results of the tests include detailed descriptions of identified vulnerabilities and recommendations for their removal.