Application Penetration Testing
We’re passionate about Application Security - we’ll partner with your team to improve how security is embedded within your digital assets.
How we can assist:
Applications have moved from being solely accessible via the web, to availability via many platforms. Tesserent’s deep experience in Application Security will ensure that no matter what platform you have deployed your application on, we can perform an appropriate technical assessment.
Tesserent’s methodology is focused on ensuring that your organisation’s applications will be assessed, and any required remediation will be clearly documented, ensuring your client data is as secure as possible.
Tesserent Application Security Testing methodology is very hands-on and is based on internal research and various Open Web Application Security Project (OWASP) methodologies.
We start by listening.
Web Applications have in recent years become one of the most targeted platforms for attackers.
Attackers can leverage relatively simple vulnerabilities to gain access to confidential information, often containing personally identifiable information.
Tesserent Web Application Testing methodology is based on both internal research and the Open Web Application Security Project (OWASP) methodology. Our experts will utilise automated tools and finely honed manual techniques, gained through years of experience.
Mobile Application Security Penetration Testing is the testing of Android and iOS applications to ensure that a business/organisation’s mobile applications can only be used for their intended purpose.
This testing simulates a malicious user of the application, or someone malicious who has found a lost phone. Tesserent performs both static and run-time analysis of the application.
API security penetration testing is recommended for businesses with web services that are exposed to the public internet.
Tesserent will test the APIs resilience to various attack vectors, and will include tests for API authentication, authorisation, input validation and other potential vulnerabilities.
Tesserent’s Secure Code Review is an auditing procedure that utilises various sophisticated techniques to identify security issues in an application that may not be picked up in a standard penetration test.
This review ensures that the application contains the necessary security controls to prevent external attacks, and that they are implemented correctly and in the required locations.
Our source code review methodology uses a combination of static and dynamic analysis to ensure an in-depth analysis of the underlying application.
What should I look for when choosing an Application Security Tester?
Find a company you trust
Trust is fundamental. You will be allowing this company to access your systems, customer data and sensitive company intelligence. In effect, you’ll be permitting access into the inner workings of your organisation’s operations. Be sure that they can be trusted with your data and they have a proven track record. When was the company established and how many penetration tests they have performed for large security focused organisations? Ask if they have worked with clients in your industry sector and can provide references.
Can they meet my brief, or help me define it?
To get the best value for your IT security investment, you need to know exactly where you need help, why and what you want security tested. As the saying goes, the better the brief the better the job, so clearly define your objectives and outcomes from the start.
Are they able to answer my questions?
Ask questions about the testing methodology. What defined procedures and tools does the company use? How do they protect your business and data during the testing?
Is the testing out-sourced, sub-contracted or in-house?
Remember that a company does not conduct an application security test, people do. No matter which company you go with, it always comes down to the person or the team you have working on your business. Find out who exactly will be conducting the testing, is it outsourced, sub-contracted or in-house? Ask to see their credentials and interview them by phone, Zoom or in person. Finally, ask if you can be provided with interesting findings as they occur throughout the testing.
Can they show you a typical report?
Up front, ask the company exactly what you will receive at the end of the application security test. Ask to see what a real-world deliverable looks like. A quality report should detail the key findings and provide solid remediation advice, in priority order, to address every issue found. In short, the final report should be a valuable tool with a clearly defined action plan on the best ways to remediate vulnerabilities. Quality reports also detail how to re-test each vulnerability once the identified flaws have been fixed.
Where are your application security tester’s based?
Almost all our assurance team is based in Australia and New Zealand. We do have some staff that work internationally, often because they have relocated for personal reasons but want to keep working with us. All our staff have gone through rigorous security checks.
Are you CREST certified?
Yes, we are proudly CREST ANZ certified.
How do we scope and price an Application Security Test?
Each engagement is unique and tailored to your environment, and the agreed scope of works for testing. A penetration test is largely priced based on the estimated number of days required to complete the engagement.
We have conducted tens of thousands of technical assurance tests over the last two decades. We start by listening.
Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.