ILT-Interlaboratory Test | Proficiency Testing Provider | Programs
ILT-U-1082


Web Application Security Proficiency Test, aligned with the App Defense Alliance Web Application Testing Guide (Version 2.0).


| Determination | Method |
|---|---|
| Authentication brute-force resistance | Authentication testing, rate-limit evaluation, repeated login attempts |
| Presence of default or weak credentials | Credential testing using common/default account combinations |
| Session cookie security attributes | Inspection of HTTP responses and session cookie parameters |
| Session token predictability | Collection and analysis of multiple session identifiers |
| Session invalidation effectiveness | Session lifecycle testing and cookie reuse after logout |
| Unauthorized document access (IDOR) | Resource identifier manipulation and authorization testing |
| Unauthorized document modification | Parameter tampering and authorization validation |
| Unauthorized document deletion | Authorization testing of state-changing operations |
| Access control attribute manipulation | Client-side parameter tampering and workflow testing |
| Access control failure conditions | Direct access testing without authentication or authorization |
| CSRF protection effectiveness | Cross-site request forgery testing of state-changing operations |
| Stored Cross-Site Scripting (XSS) | Input injection, payload persistence testing, and browser execution validation |
| SQL Injection | Input manipulation, query behavior analysis, and exploitation testing |
| OS Command Injection | Input tampering using command metacharacters and response analysis |
| File upload security controls | Malicious file upload testing and content execution validation |
| Exposure of debug functionality | Enumeration of diagnostic endpoints and information disclosure analysis |
| Exposure of configuration files | Direct access testing of configuration resources and sensitive files |
| Exposure of secrets or API keys | Information disclosure analysis of application responses and debug interfaces |
| Technology and version disclosure | HTTP header inspection and platform fingerprinting |
| Hidden or undocumented functionality | Endpoint enumeration, API discovery, and attack surface exploration |
| Business logic weaknesses | Workflow analysis, state transition testing, and process manipulation |
| False positive identification | Validation and verification of suspected vulnerabilities |
| Vulnerability impact assessment | Exploitation analysis, privilege evaluation, and consequence assessment |
| Root cause determination | Technical analysis of vulnerable functionality and implementation flaws |
| Remediation determination | Identification of appropriate corrective security controls |
| Reporting determination | Documentation of findings, evidence, impact, and recommendations |