Web application security testing services utilise different testing methods, which may be automated or manual depending on the test being carried out. Most web app security tests use a combination of both, including:
Vulnerability scans: an automated method of web application testing, involving the use of scanning tools to identify web app security issues.
Web application assessment: a manual white-box test, carried out as an authenticated user (i.e. logged-in). This allows our testers to review session and business logic using multiple user accounts and roles.
Web application penetration test: a black-box assessment that utilises the same attack methods as real-world threat actors. Our CREST-certified testers will manually attempt to find and exploit vulnerabilities through an unauthenticated and uninformed attacker perspective.