Web Application Testing

Matta uses security consultants with a background in programming to conduct Web Application Tests. Tests are conducting in line with OWASP methodology.

Web Application should be conducted against all public facing web sites or applications that have dynamically driven content. Typically these applications have had customised code written, and it is this program code, in the form of scripts, that need to be tested. Some of the common programming mistakes that lead to vulnerabilities being introduced are related to the way the custom code sanitizes the input.

The amount of time it takes to conduct the assessment is related to the number, size, and complexity of scripts in the application.

Web Application Assessments will test for the following issues, amongst others:

• Injection attacks, such as SQL injection
• Cross Site Scripting (XSS)
• Logic errors with the site, allowing users to illegally manipulate the data or processing of the application
• Input Validation issues
• Cross Site Forgery Requests
• etc