Crossroads' web application penetration testing service utilizes a comprehensive, risk-based approach to manually identify critical application-centric vulnerabilities that exist on all in-scope applications.
1. Information Gathering
2. Threat Modeling
3. Vulnerability Analysis
Using proven methodologies and a refined discovery approach, Crossroads' comprehensive practices cover the classes of vulnerabilities found in today's increasingly fierce cyber-attacks including, but not limited to: Injection, Cross-Site Scripting, Cross-Site Request Forgery, Unvalidated Redirects & Forwards, Broken Authentication & Session Management, Security Misconfiguration, Insecure Direct Object Access and more.
Manual Testing vs Automated Testing
Crossroads' approach consists of about 80% manual testing and about 20% automated testing. While automated testing improves efficiency, it does so effectively only during the initial phases of a penetration test. At Crossroads, it is our belief that an effective and comprehensive penetration test can only be realized through rigorous manual testing techniques.
In order to perform a comprehensive real-world assessment, on each and every assessment Crossroads utilizes commercial tools, internally developed tools, and the same tools that cyber-attackers use. Once again, our intent is to assess systems by simulating a real-world attack, and we leverage the many tools at our disposal to effectively carry out that task.
Reporting, Remediation, & Re-testing
We consider the reporting phase to mark the beginning of our relationship. Crossroads strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverable. We provide clients with skilled remediation services and dedicated remediation teams to close the ever-important gap in the remediation process following the reporting phase. We exist not only to discover weak points, security holes, and application vulnerabilities, but also to help you mitigate them.