During the security verification session, the pen-testers investigate the components of a system that are known to introduce vulnerabilities. Below is the complete list of areas the investigation covers:

  • Architecture, design and threat modelling
  • Authentication
  • Session management
  • Access control
  • Malicious input handling
  • Cryptography at rest
  • Error handling and logging
  • Data protection
  • Communications
  • HTTP security configuration
  • Malicious controls
  • Business logic
  • Files and resources
  • Mobile
  • Web services
  • Configuration