Web application and API security tests are performed in accordance with the OWASP Application Security Verification Standard (ASVS). What distinguishes us on the market is that we do not rely on automated tools. We carry out our tests manually, using tools only to automate basic work.
The types of errors we detect include:
- SQLi,
- XSS,
- CSRF,
- SSRF,
- DOM-based vulnerabilities,
- CORS,
- XXE,
- HTTP Request Smuggling,
- Insecure Deserialization,
- OS Command Injection,
- Server-side template injection,
- Directory traversal,
- Access control vulnerabilities.
Depending on your individual needs, we can offer you:
- comprehensive web app security tests,
- comprehensive REST API security tests,
- comprehensive security tests of the additional mechanisms used within web apps (such as WebSocket).