Security
The Web Application Penetration Test (WAPT) is an experimental investigation into the security of a web application. It aims to identify the vulnerabilities that could be exploited to gain unauthorized access, and the controls that should protect the application from such attempts. WAPT is therefore an activity aimed at obtaining administrative privileges without being entitled to them, in order to simulate the damage to computer systems or the theft of sensitive data that a threat agent could cause. The activity is carried out using techniques that are generally more sophisticated than those commonly used by non-expert users, with the aim of helping to improve the security level of the systems examined. The main purpose is to bring out the flaws in the applications under test, with particular regard to the confidentiality, integrity and security of the data and information residing there, such as:
- unauthorized access to sensitive information or to other users.
- deficiencies in the authentication procedure.
- theft of confidential credentials and/or data.
- impersonation of other users.
- verification of the application flow in search of weaknesses.
- impact on the application.
- compromise of the server providing the service.
At the end of the investigation, a report is presented on the identified vulnerabilities and recommended countermeasures to make the application more secure.
Technologies