Web Application Assessments
A Winmill Web Application Penetration Test consists of two phases: a black box penetration test, and an OWASP Top 10 security assessment. Phase 1 assesses how far a skilled attacker can get, without credentials or prior knowledge, towards compromising the application’s Confidentiality, Integrity, and Availability (CIA). This phase consists primarily of manual testing with BurpSuite Pro and open-source tools. Phase 2 is a grey/white box security assessment that starts with a credentialed vulnerability scan using Qualys WAS and open-source scanners and continues with manual testing in all OWASP Top 10 vulnerability categories.