The word “Web Application Transmission Test” describes an evaluation done by an outdoors expert who determines if vulnerabilities appear in a credit card applicatoin by testing each interface towards the application including server operating-system, application platform and database.
To make sure a secure and thorough Transmission Test we follows an organized methodology which includes the next steps: Enumeration, Vulnerability Assessment and Exploitation.
The testing team will utilize tools for example:
• port scanners
• sniffers
• proxy servers
• site crawlers
• manual inspection
The output from all of these tools allows they to collect information for example:
• open ports
• services
• versions
• os’s
• banners
The vulnerability assessment utilizes the information collected in the last key to uncover potential vulnerabilities within the server(s), applications server(s), database server(s) and then any intermediary devices for example firewalls and cargo-balancers. The assessment team will utilize numerous commercial, free as well as in-house developed tools throughout the assessment.
The assessment team doesn’t depend exclusively on tools to uncover vulnerabilities. A lot of time is spent by hand inspecting products for example HTTP responses, hidden fields and HTML page sources.
The vulnerability phase covers the next ten areas:
• Input validation
• Access Control
• Authentication and Session Management
• Mix Site Scripting
• Buffer Overflows
• Injection Flaws
• Error Handling
• Insecure Storage
• Denial and services information
• Configuration Management
Controlled attacks are carried out for every reported vulnerability excluding individuals that may result in a Denial and services information condition. Denial and services information vulnerabilities will always be discussed using the customer along with a testing solution formulated. Possible choices for Denial and services information testing include testing throughout a specific time, testing an improvement system or by hand verifying the problem that could (or might not) result in the vulnerability.