Dynamic Application Security Testing (DAST)
Tailored cybersecurity assessments
Ember Lake’s approach to penetration testing and vulnerability assessments is based upon guidance outlined within NIST SP 800-53 and industry-backed best practice. Years of fine-tuning have resulted in an all-encompassing approach to identifying vulnerabilities and misconfigurations affecting external and internal network devices.
Overview
A Dynamic Application Security Test (DAST) analyses web applications via their front-end to identify vulnerabilities through a series of simulated attacks. This approach evaluates an application from the “outside in” by emulating the methods attackers use to abuse an application and its databases. During this assessment, we utilise manual and automated tools to perform these attacks, searching for unexpected result sets to identify security vulnerabilities.
Our assessment looks under the hood of web applications, whether hosted on premises or in the cloud, to find the vulnerabilities identified by the Open Web Application Security Project (OWASP). Our approach includes reconnaissance of the application, mapping data flows and responses to valid requests, and then performing a large array of negative or “out of bounds” testing to identify responses to invalid requests. We review these responses to gain further knowledge of potential misconfigurations and security flaws.
DAST assessments test for the presence of all vulnerabilities critical to web applications as identified by OWASP. Each assessment is made up of five testing phases, similar to our Penetration Testing & Vulnerability Assessment methodology, to ensure an exhaustive review of the application’s security:
- Reconnaissance
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post-Exploitation
Want to know more?
Contact us today to speak with one of our cyber professionals to see how Ember Lake can help.