Web applications are analyzed for vulnerabilities that could cause information leakage, unauthorized access, or privilege escalation.
Assessments of web applications are usually performed from the perspective of unauthorized and authorized users, with the goal of discovering known vulnerabilities in the web servers, application servers, and databases. Radical Security then checks the application for common vulnerabilities similar to those described in the OWASP testing guidelines.
Automated testing cannot discover the logic errors and improper designs that lead to security vulnerabilities. Radical Security always includes extensive testing for common injection vulnerabilities that allow unauthorized access or privilege escalation. While we use various penetration testing tools to assess a web application, we may also develop customized exploits and scanners to attack it.