Web application penetration testing: Difference between revisions

Ml-crest
See also: CREST added
RussBot
m Robot: Fixing double-redirect -"Penetration testing" +"Penetration test"
 
(One intermediate revision by one other user not shown)
Line 1:
*#REDIRECT [[Penetration testingtest]]
{{Mergeto|penetration testing|date=December 2006}}
'''Web application penetration testing''' refers to a set of services used to detect various security issues with [[web applications]].
 
==Overview==
 
Enterprises across the world are performing their business on the web, yet only a meager percentage of websites are regularly and professionally tested for vulnerabilities. This increases the chances of website attacks and eventually leads to compromise of applications.
 
Web Application Penetration Testing services help identify issues related to:
 
* Vulnerabilities and risks in your web applications
* Known and unknown vulnerabilities (0-day) to combat against the threat until your security vendor provides the appropriate solution.
* Technical vulnerabilities: [[URL]] manipulation, [[SQL injection]], cross site scripting, back-end authentication, password in memory, session hijacking, web server configuration, credential management etc,
* Business Risks: Day-to-Day threat analysis, unauthorized logins, Personal information modification, pricelist modification, unauthorized funds transfer, breach of customer trust etc.
 
==See also==
 
* [[Penetration testing]]
* [[CREST Certified Consultant]]
 
==External links==
 
* [http://www.owasp.org/index.php/Main_Page OWASP]
* [http://www.plynt.com/resources/learn/penetration-testing/#entry-242 How is scanning different from an application penetration test?]
 
[[Category:Web applications]]
[[Category:World Wide Web]]
 
 
{{computer-stub}}
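
Review bot: with Line 1 turned into a #REDIRECT to [[Penetration test]], nothing below it renders any more, whether the body was removed or left in place under the redirect. The {{Mergeto|penetration testing|date=December 2006}} tag shows a merge was intended, so confirm the target article actually covers the web-specific items listed here (URL manipulation, SQL injection, cross site scripting, session hijacking, web server configuration, credential management) and carries the OWASP link before this text is treated as superseded. The See also entry [[Penetration testing]] is the same title the edit summary replaces as a double redirect, so it should be updated or dropped along with the rest.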