Website Penetration Testing

Typically focused on an opportunistic, Internet based, attacker, this type of penetration testing focuses on compromising or obtaining privileged access to data stored or processed by a client's website(s).

Generally, the team will start with an initial connection to the website over the Internet. Depending on the scenario, the team may have accounts provisioned for them by the client, which they can use to test the website(s), or they may register accounts themselves.

It is common for this type of testing to be performed against a dedicated copy of the website(s), however, the consultant teams are also experienced in testing against live, production environments.

The team will typically work through the following phases, and depending on their progress, may repeat stages several times to ensure the best possible coverage can be obtained in the time allowed: