Web Application Vulnerability Assessment

 WEB APPLICATION ASSESSMENT

For a Web Application Assessment to be effective, it must combine automated and manual testing. LCM's Web Application Testing therefore always consists of both: automated scanning ensures that every element of the application is covered, while manual testing focuses on the higher-level issues that tools cannot uncover. LCM uses Qualys as the automated scanning tool when performing Web Application Assessments.


APPROACH TO WEB APPLICATION ASSESSMENT

Using Qualys, LCM performs automated vulnerability scans of the Web Application, then combines them with manual testing to benefit from the strengths of each. Every finding generated by the automated tool is manually validated to remove false positives. The criticality levels assigned by the tool are then manually re-assessed for real-world accuracy using CVSS, taking into account the sensitivity of the data exposed, the skill required to exploit the flaw, the exposure of the affected component, and the collateral impact of a successful attack. Manual testing also targets the higher-level issues that automated tools cannot find: flaws in business logic and workflow, behaviour that differs between browsers, password reset mechanisms, privilege escalation and separation of data between users, and weaknesses specific to the underlying technology stack.

LCM recommends that a Vulnerability Assessment be completed in twelve phases:

  1. Pre-test activities

  2. Notifications

  3. Reconnaissance and footprinting

  4. Network layer assessments

  5. Automated assessments

  6. Manual validation of automated findings

  7. Manual testing

  8. Determining levels of criticality

  9. Safeguarding data and client communications

  10. Draft report

  11. Client briefing

  12. Final report and project close

WEB APPLICATION ASSESSMENT DELIVERABLES

A report of findings for the automated and manual testing consisting of:

  • Scan Summary Report: Report of findings outlining all of the vulnerabilities that were discovered along with recommendations from LCM Security.

  • Detailed Scan Results Excel Working Document: An Excel spreadsheet view of all discovered vulnerabilities, one row per finding, with the following columns:

    • Hostname / IP Address

    • Impact

    • Criticality Level

    • Solution (Remediation steps)

  • Scan Details Documents: Raw results from the scanner in PDF format, sorted by vulnerability. These documents provide additional detail beyond what is available in the summary report or the Excel working document.

WEB APPLICATION ASSESSMENT DELIVERY TEAM

Lead Assessor: An Information Security expert, possessing various certifications and a degree in information security. The assessor has a thorough understanding of the Vulnerability Management process and a deep knowledge of the technologies being reviewed.

Virtual CISO: An Information Technology leader with over 20 years of experience in Cyber Security consulting and Managed Security Services, with CISA and CRISC certifications.

Report Writers: Will develop final reports based on the findings of the assessment.
