Application Testing

Web Application Vulnerability Assessment & Penetration Test

RedPoint Security will attempt to penetrate the target web application to determine the effectiveness of your web application security controls. The test uses automated and manual tools to uncover vulnerabilities. Verification will also be performed to filter out any false positives commonly reported by automated tools. A report will be provided detailing all vulnerable controls, successful exploits, exploitation steps and recommendations on how to secure the vulnerabilities. The risk level based on the exposure of the vulnerability and the impact of exploiting the vulnerability will also be highlighted in the report.

  • The test will attempt to
    • bypass application protections and gain access to unauthorized data,
    • identify poor security practices, and
    • look for general security vulnerabilities.
  • Performed using automated and manual testing.
  • Automated scanner/tool results will be analysed and false-positive findings will be removed.
  • Role-based testing will be performed for unauthorized access to sensitive/privileged data and functions.
  • The OWASP Top 10 is used as the security baseline for testing.

Mobile Application Vulnerability Assessment & Penetration Test

RedPoint Security will assess the actions of a target mobile application, mainly the security of the protocol used, the data written to and read from the mobile file system, the vulnerable libraries used and the various functionalities of the mobile application. Any insecure actions or infringement of policies will be reported.

  • For Android and iOS applications
  • The test will attempt to
    • bypass application protections and gain access to unauthorized data,
    • identify poor security practices, and
    • look for general security vulnerabilities.
  • Performed using automated and manual testing.
  • Automated scanner/tool results will be analysed and false-positive findings will be removed.
  • Role-based testing will be performed for unauthorized access to sensitive/privileged data and functions.
  • OWASP Mobile Top 10 is used as the security baseline for testing.

Thick Client Security Assessment

RedPoint Security will assess the actions of a target thick client application, mainly the security of the protocol used, the data written to and read from the file system, the vulnerable libraries used and the various functionalities of the application. Any insecure actions or infringement of policies will be reported.

Code Review

RedPoint Security will review application code to search for code-level vulnerabilities in critical modules. Code reviews will be performed using automated and manual tools. All vulnerabilities found will be verified. A report will highlight the vulnerabilities with remediation recommendations and risk ratings based on the impact of exploiting the vulnerability and the ease with which users can trigger the vulnerability.
