Join one of our upcoming events
Register for our upcoming events to learn more about our technology, gain business insights and expand your industry knowledge.
May
June
0845 470 4001
Get in touch
Live NPS Score
BlogFocussed testing without any distractions.
Website Security Testing
Comprehensive and scalable quality assurance
services for web applications
Due to their complexity; Web applications represent a unique challenge to the security posture of an organisation, Exponential-e offers comprehensive and scalable quality assurance services for web applications with varying scopes and requirements.
Meeting your business objectives
Due to their complexity and universality; Web applications represent a unique challenge to the security posture of an organisation, hence, it is critical to test them.
Network
Applications
Cloud
Service capabilities
Scoping phase with different levels of assessment:
01
Blackbox - No assistance will be given to the consultants. They will have to assess the network as if they were a hacker with physical access to the organisation. Alternatively, they will be given the network port and patch cable, and will have to obtain connectivity and further access.
02
Greybox - This involves the consultants having more assistance to connect their equipment to the network or they can test as an existing user in the business without being given any access credentials.
03
Whitebox - Full access to all resources required is given to the consultants to look for any information of vulnerable hosts and services to assess the risk.
Once Scoping is complete, there are seven phases to be carried out:
01
Information Gathering / Discovery - Specific tools will be used to obtain as much information from the current internal infrastructure.
04
Service Enumeration - All services discovered on the hosts under test will be itemised. Service enumeration allows specific software types and versions to be retrieved from the network as well as policies, shares, resources and valid user accounts.
04
Vulnerability Assessment - This phase of testing will attempt to analyse the information retrieved in previous steps in order to determine whether a specific weakness exists or not.
04
Manual Testing - Once all of the hosts and services have been identified manual testing techniques and follow-up will be used to either extract further sensitive information from the host or (depending on the rules of engagement) exploitation.
05
Post exploitation - Once a machine in scope has been compromised, pivoting and lateral movement techniques will be exercised. This practice is often employed to fully explore and demonstrate the true risk of a vulnerability by emulating the ‘snowball’ effect of stacked vulnerabilities.
06
Information Egress - The routes in which data can be extracted from the systems in scope will be examined and used to identify where extra controls could be implemented or security enhanced.
07
Reporting - A business executive summary, high level descriptions and technical details of each finding, is provided to offer the customer a wealth of information to implement remediation’s to not only fix the current issue, but also the underlying root cause, ensuring issues of the same nature do not re-occur.
Why Exponential-e?
Detect broken links on your web pages.
Ensure that all possible test cases targeted on the web app work correctly.
Checks how app works in the supported environments.
Ensure high quality website as end-result.
Diary of a Data Spill
Download our report:
01
How vulnerable you are: You’ll learn how a CIO can open his business up to untold damage simply by logging into a conference centre’s free WiFi.
02
How unprepared you are: Read in detail as to the missteps a typical business makes in failing to stop malware in its tracks.
03
How much it could cost you: You’ll read about a nightmare scenario for any business. Reputational and financial damage on a staggering scale; damage that can be avoided.
Read our latest security blogs
As a wholesale provider, your choice of technology partners is critical to the successful delivery of your services. However, with a digital landscape that's constantly changing, and providers expecte...
The addition of Vysiion to the Exponential-e Group has ushered in a new era of innovation for both companies. Combining our collective expertise with multiple technologies, across multiple sectors, al...
The finance sector is required to have one of the most sophisticated cyber security postures in the world, with bureaus, banks, finance companies and insurers working closely with their technology par...
Talk to one of our specialists
Fill out the form and we'll get back to you as soon as possible.
If you are looking for technical support, please contact our Support team on: 0845 230 6001
|
Get the App |
Connect with us |
|||||||
  |
 |
  |
  |
  |
  |
  |
  |
|
Talk to one of our specialists
Fill out the form and we'll get back to you as soon as possible.
If you are looking for technical support please contact our Support team on: 0845 230 6001
100% Privacy Guaranteed. Click here for our privacy policy.
100% Privacy Guaranteed. Click here for our privacy policy.
London Head Office
Manchester Office
*Calls to 0845 numbers will cost 7p p/m plus your phone company’s access charge.
All inbound and outbound calls may be recorded for training or quality purposes.
