Web Application and API Security Testing

The hosting server, application, and API layer are tested for vulnerabilities, including configuration, transport-layer, and application-layer flaws.

Authenticated testing is performed to identify configuration issues with the different levels of users in the system and to determine whether users are able to hijack and perform the functions of users at similar and higher levels within the application.

Additionally, depending on the application exposure, testing can be completed either on-premises or remotely from Feisty Fox Security’s secure testing lab.

Testing will include the following (where applicable):

  • Identification of unintentional or inappropriate information disclosure;
  • Identification of the failure to properly perform authentication, session management, data validation, or to securely implement cryptographic controls;
  • Ability to withstand attack from injected or manipulated code; and
  • Identification of scenarios through which a denial-of-service condition can be introduced (note: no active testing of this condition will be performed).
