Bithex WSC™ Penetration Testing and Security Assessments of Websites and Web Applications

Bithex web application security testing covers every aspect of a web application, detects potential security issues and vulnerabilities, and gives advice on fixing them.

Bithex WSC is a security assessment project designed to examine security aspects of web site components such as login pages, session handling and management, data validation, web server configuration, application server settings, code review, etc.

By far, the biggest part of Bithex WSC is penetration testing and fraudulence tests on the web application’s features and interface. Bithex WSC is useful for anyone who needs to carry out security and risk assessments of their web applications and websites, whether required by internal or external sources, such as security standards or regulations, or just one’s own desire to keep their web applications in top security posture.

How is Bithex WSC Penetration Testing Executed?

Bithex WSC is about analyzing and examining all possible inputs of a website or web application. Common security threats to websites are tested as well as common methods of misuse, such as changing another user’s settings or data, or accessing restricted data and code in the web application.

More precisely, our method is as follows:

  • We analyze your web application and design a thorough test plan.
  • We execute penetration tests, fraudulence tests and analyze all issues.
  • You fix the issues that must be resolved to meet the security criteria.
  • We verify your fixes by re-testing.

Why penetration test a web application?

Questions we commonly try to address and answer with Bithex WSC are:

  • “Can you penetrate the system, and how?”
  • “Can you access pages without proper authority or authentication?”
  • “Can a user see or change data he should not see?”
  • “Can a user with normal access do anything abnormal?”
  • “What are the chances of someone abusing my system?”
  • “What is the overall security posture?”

What is included in Bithex WSC security assessments?

A typical Bithex WSC security assessment covers the following aspects:

  • Complete web site content crawling and analysis.
  • Session management issues, session hijacking, guessing etc.
  • Authentication system analysis and brute force login.
  • Data validation testing and analysis.
  • Client side parameter tampering.
  • SQL Injection attacks/misuse.
  • Remote command injection/execution.
  • Exception handling and errors.
  • Code review of data validation modules.
  • Source code disclosure.
  • Review and consulting on design principles.
  • Web server, application server and database server configuration analysis.
  • Detailed issue reporting and tracking.
  • Bithex WSC tests fulfill PCI DSS requirement 6.5 on application security.

Test cases for fraudulence and security requirements

Besides general web application security testing, we execute security tests on the regular features and functionality of the web application in question. Feature tests attempt fraudulent operations within the system itself, such as accessing data belonging to other users, executing transactions in the name of other users, making changes to the attributes of other users, etc.

Fraudulence tests, together with general security testing, are an important part of fully verifying that the application performs as expected.

Methodology and tools used in Bithex WSC

Bithex WSC penetration testing covers web application security requirements from the standpoint of security standards such as the OWASP Testing Guide, PCI DSS and more. We use documented procedures in all of our security assessments. Bithex WSC security assessments rely on a mixture of manual and automated methods. A multitude of tools is used, depending on the type and nature of the web application under test.

Price

The price of Bithex WSC penetration testing depends on the size and nature of the web application in question. We will do a quick content analysis of your application before providing a fixed-price offer. Don’t hesitate to contact us for more information.