There’s an application for everything, requiring input throughout the whole development cycle and beyond. Apps must perform as the end user expects, integrate with myriad operating systems, and be secure enough to protect the data they store.
Where most testing is automated, Resillion’s experts use a combination of automated and manual methods to verify that all vulnerabilities have been identified – especially those relating to business logic that create operational risk. Through close collaboration, our consultants will adapt the test plan and devise specific attack profiles in response to issues encountered or features of the application revealed through testing. Highlighted risks will be translated into context specific to your organisation, thanks to our experience across multiple industries.
All testing is conducted in line with industry standards, like the OWASP Top Ten and OSSTMM, partnered with in-house developed methodology, to give you the best security outcome. Resillion’s consultants also take an iterative approach to ensure that all identified issues have been resolved throughout the duration of the engagement.
Web applications are usually accessed through a browser running on a client’s machine. Our approach involves looking at key areas such as the authentication mechanism, session handling, intersystem communication, and, most importantly, application functionality and security policy.
Our testing methodology for mobile applications is built on a combination of the OWASP testing guide for mobile applications and our specialist experience in conducting such assessments, applying contextual knowledge of the application and its use case, regardless of whether it is native or cross-platform.
Mobile applications may require additional testing in comparison to web applications due to the difference in data processing. The approach we take, and the stages our consultants go through, are adapted to the scale of each specific project, and refined depending on your requirements and when access to the actual application is possible.
APIs and web services are systems or software that allow different machines to interact with each other through a network, usually using HTTP and XML, resulting in some advantages over web applications. Their increased usage and prevalence creates a whole new set of vulnerabilities to consider.
Testing relies on various techniques, again combining manual and automated methods, that attempt to forge payloads which could result in unexpected behaviour at the server end, allowing for an attack.
The approach for web services is similar to that for web applications; however, there are certain differences owing to the lack of a graphical user interface and the nature of web services and APIs.
Keep up with the ever-changing threat landscape. Identify vulnerabilities before attackers do.