Web Application Tests
Web applications penetration tests (pentest) can take place both in the internal network of the institution and in another location (such as DMZ, cloud, data centers). The findings determined at the end of the tests and the methods of eliminating these findings are presented to the institution managers as a report. When today's cyber attacks are examined and analyzed, it has been revealed that most of the attacks carried out from the outside to the inside are carried out by using security vulnerabilities in web applications.
Institutions develop web applications using many software languages and generally provide their web application development needs through third party companies.
As Ekon BiliÅŸim, we perform penetration tests by using international methodological approaches for web applications developed by institutions, either by themselves or by third-party companies. With this test method, penetration tests are performed on applications within the institution or on an external network, entry points are determined, and tests are carried out together with jump tests to other systems.
About Web Application Security Penetration Tests
Web application penetration tests, also known as web application pentests, are different from the general pentest concept. In particular, it can be successful for application logic beyond the known openness types of application and infrastructure technologies used and according to the experience of the testers.
Web Application Security Service
In today's cyber security world, automated tools are generally used to speed up processes and to obtain additional information after infiltration, which is called post exploitation. The tests to be carried out are determined in two different ways according to the company's request. In the first case, application discovery is performed first. At this stage, the aim is to extract the files and directories of the target web application that can be found directly, and to fully identify the application in the target system. In the second case, this information is conveyed to the personnel who will perform the test and the method of informing is chosen.