Scope of the web application assessment (penetration test)

April 4, 2018

Sapna Security has a team with years of experience in web architecture, web applications and their vulnerabilities. Accordingly, we have created a strong web application assessment list, which includes the following areas:

  • Injection

  • Authentication

  • Session Management

  • Cross Site Scripting (XSS)

  • Insecure Direct Object References

  • Sensitive Data Exposure

  • Access control

  • Cross-Site Request Forgery (CSRF)

  • Unvalidated Redirects and Forwards

  • Input validation

  • Cryptography


We follow OWASP recommendations for our audits.


Below is a sample finding as we would list it in our report. As you can see, we would rate the finding, provide enough detail for you to understand it, and give recommendations on how to close it.


Our threat levels are easy to understand, ranging from P1 (high priority) to P5 (low priority). We even recommend ideal remediation dates.


Our job is not over after we submit the report. We will take you through the findings and then help you with the remediation process.


Additionally, we will offer one free retest of all P1, P2, and P3 issues if remediation is completed by the guideline date.


Please refer to our scope document for more details:

sapnasecurity application ethical hack scope guideline 2018

