Scope of the web application assessment (penetration test)

sapna security has a team which has years of experience on web architecture and applications and their vulnerabilities. Accordingly we have created a strong web application assessment list which includes the following areas:

  • Injection
  • Authentication
  • Session Management
  • Cross Site Scripting (XSS)
  • Insecure Direct Object References
  • Sensitive Data Exposure
  • Access control
  • Cross-Site Request Forgery (CSRF)
  • Unvalidated Redirects and Forwards
  • Input validation
  • Cryptography

We follow OWASP ( recommendations for our audits.

Below is a sample finding we would list in our report. As you can see we would rate the finding, provide enough details for you to understand and give recommendations on how to close the finding

Our threat levels are easy to understand ranging from P1 high priority to P5 low priority. We even recommend ideal remediation dates.

Our job is not over after we submit the report. We will take your though the findings and then help you in the remediation process.

Additionally we will offer one free retest of all P1, P2, and P3 issues if remediation is done within the guidelines date.

Please refer to our scope document for more details
sapnasecurity application ethical hack scope guideline 2018