Web Application Penetration Test
Based on industry standards, the objective of the web application penetration test is to assess the security posture of web applications by identifying and examining vulnerabilities resulting from insecure design and implementation practices. This is done with both automated and manual tools to validate the effectiveness of security mechanisms such as Web Application Firewalls (WAF).
Web Application Execution Plan
The planning phase is crucial for a successful engagement and is used to gather information needed for the assessment execution. The information collected may include details such as the assets to be tested, the threats of interest against the assets, and the security controls to be used to mitigate those threats in the development of the assessment approach. A security assessment should be treated like any other project, with a project management plan to address goals and objectives, scope, requirements, team roles and responsibilities, limitations, success factors, assumptions, resources, timelines, and deliverables. After project initiation, the client’s requirements are collected for a successful draft of a Statement of Work (SoW) by Ingram Micro. Upon reaching mutual agreement on the terms of the SoW, the details and specifics of the scope are established. This includes preparation and signoff of the Test Authorization Letter (TAL) by both parties and a brief meeting to establish final confirmation of the timeline and communication specifics. The TAL aims to review the rules of engagement and answer all questions prior to the start of the project.
