Targeted attacks on web applications are still increasing. In particular, the infiltration of malicious code through weak points, so-called “injection-based attacks”, has risen sharply in the last year, closely followed by attacks granting hackers extended access privileges on mobile devices, so-called “privilege escalation attacks”. To enable you to secure the applications that drive your business, TÜViT offers penetration tests for web applications tailored to your needs.
Our methods
No matter what kind of information you provide (black/grey/white box approach), we perform the tests according to recognized standards and best practices such as those of OWASP, WASC and the German Federal Office for Information Security (BSI).
The penetration tests are performed as a combination of automated and manual tests, in order to achieve conclusive and high-quality results. This enables our IT security experts to identify specific vulnerabilities of web applications, e.g. SQL injection or cross-site scripting vulnerabilities.
Our services at a glance
- architecture and design analyses
- review of coding guidelines and security guidelines
- penetration tests using the black/grey/white box approach
- review of web application firewall rulesets
- optional performance of the SQ best practice certification procedure with the objective of a certificate being issued
Your benefits at a glance
- leverage the breadth of TÜViT security expertise: with TÜViT, you have as your partner one of the leading experts in the field of cyber security
- we are certified by the German Federal Office for Information Security (BSI) as an IT security service provider for IS audits, IS consulting, and penetration tests
- efficient performance of penetration tests using a specially developed test platform, the “Distributed Penetration Platform” (DPP)
- objective analysis and assessment of the established technical and organizational security measures in the field of web application security
- definition of your security maturity level on the basis of recognized standards and best practices (e.g. OWASP, WASC, and the German Federal Office for Information Security (BSI))
- increasing the efficiency and overall security level through derived recommendations for action that are individually tailored to your objectives and requirements
- fulfilling duties of care in test performance as well as security and compliance requirements