Security Testing
ZenQA offers a Web Application Penetration Test service – a set of comprehensive tests
to identify application vulnerabilities. We use a risk-based approach, grounded
in both the application’s architectural reality and the attacker’s mindset, to gauge
the application security adequately. By identifying risks in the system and creating
tests driven by those risks, we focus on areas of code in which an attack is likely
to succeed.
We offer web application penetration testing services, which include comprehensive
tests to discover vulnerabilities and to determine the risk index of the application.
We run various manual and automated web application penetration tests (based on STRIDE
classification) to identify the vulnerabilities in the application.
ZenQA has expertise in performing security / penetration testing on web applications.
It follows the industry-standard guidelines of the Open Web Application Security Project
(OWASP) and the Web Application Security Consortium (WASC).
OWASP Top 10 vulnerabilities
ZenQA has expertise in testing web applications for OWASP Top 10 vulnerabilities,
a few of which are listed below:
- Cross-Site Scripting (XSS) – (Session hijack, Track user activities, Browser exploitation)
- Injection Flaws – (SQL injection, XPath injection, LDAP injection, SSI injection)
- Malicious File execution
- Insecure Direct Object Reference
- Cross Site Request Forgery (CSRF)
- Denial of Service
- Buffer overflow
- Broken Authentication and Session Management
- Failure to Restrict URL Access
- Unvalidated Redirects and Forwards