Aapladawakhana Service Delivery Proposal

  1. Home
  2. Docs
  3. Aapladawakhana Service De...


  1. Automated Vulnerability Scanning: Automated Vulnerability Scanning of the
    application to identify obvious and common security holes – (Production replica/Test


  1. Application Penetration testing: Tests will be performed with the intention to identify
    the possible internal and external abuse of the application’s sensitive information
    (Test Environment/Production replica

A high-level approach for conducting Security testing of the Application

  1. Information Gathering: In this phase, the test team will make an effort to understand the
    target system to gather the data required for overall Security testing
  2. Vulnerability Assessment: The objective of the phase is to uncover all the possible
    vulnerabilities in the Web Server and Application under test.
  3. Penetration Testing: In this phase, the target system is subjected to attack and exploited
    manually with the information gathered in the previous phases of testing in order to
    confirm the identified vulnerabilities
  4. Security Test Reporting: A security test report is produced with all the identified
    vulnerabilities for their implications and possible counter measures

OWASP Methodology for testing and focuses on following potential vulnerabilities:

  1. Business logic bypass
  2. SQL / XSS / HTML Injection
  3. Session Management
  4. CSRF vulnerability
  5. Sensitive data exposure
  6. Insecure direct object references
  7. Missing function level access
  8. Privilege escalations
  9. Encryptions