Web Application Penetration Testing

Security Simplified specializes in web application penetration testing and follows a methodology based on industry security standards that covers the full attack surface, including the API endpoints. Testing is performed with a checklist-based approach and in a controlled manner, without impacting the availability of the application.

Security Simplified consultants identify and exploit each application-related vulnerability from a hacker’s perspective (black-box and gray-box testing). We review every application function by intercepting and manipulating parameters, hidden fields, HTTP requests and API endpoints to exploit inherent weaknesses in the design and implementation of the web application's security controls. Every entry and exit point of the application is closely analyzed to discover legacy and inherent platform vulnerabilities.

Our methodology and test cases are derived from the following standards:

  • Open Web Application Security Project (OWASP)
  • OWASP API Security
  • Open Source Security Testing Methodology Manual (OSSTMM)

Our Methodology

Active & Passive Reconnaissance

Functionality Walkthrough

Test Plan Development

Service Enumeration

Network Vulnerability Scanning

Application Vulnerability Scanning

OWASP TOP 10 (2021) & Advanced Testing

Checklist Based Approach

Evidence Collection

Executive Summary

Finding, Severity Rating, Recommendation

Ongoing Support to Developer

Sample List of Checks

  • Authentication & Access Control
  • Session Management
  • Injection & Scripting Attacks
  • Business Logic Testing
  • Error Handling & Logging
  • Security Misconfiguration

Reporting

  • Executive summary for the management
  • Vulnerability dashboard for the project team
  • Technical report for the development team
  • Vulnerability description, root cause, impact and remediation steps
  • Reporting and risk rating matrix based on OWASP standards


Copyright @2022 Security Simplified Limited