Web Application Penetration Testing
Web application penetration testing services are derived from the Open Web Application Security Project (OWASP) and heavily augmented by real-time dynamic testing. OWASP is the de facto standard for designing and testing secure web applications. Netragard focuses on key areas of OWASP that include but are not limited to the following:

A1 Injection: Can we send malicious code/scripts to the system?

A2 Broken Authentication and Session Management: Secure authentication is hard. Can we exploit parts of the app, like logout, password management, timeouts, remember me, secret questions, account update, etc.?

A3 Cross-Site Scripting (XSS): Can we use untrusted data to exploit the interpreter in the browser? The most widespread web application security flaw.

A4 Insecure Direct Object Reference: Can we change parameters to gain access to unauthorized objects?

A5 Security Misconfiguration: Can we access default accounts, unused pages, unpatched flaws, unprotected files or directories, etc. to gain unauthorized access to or knowledge of the system?

A6 Sensitive Data Exposure: Can we get unencrypted or weakly encrypted sensitive data by a man-in-the-middle attack, exploiting the browser, stealing keys, intercepting clear text in transit, etc.?

A7 Missing Function Level Access Control: Is access granted when a user changes parameters to access privileged functions?

A8 Cross-Site Request Forgery (CSRF): Can we forge an HTTP request and trick users into submitting it?

A9 Using Components with Known Vulnerabilities: Can we use scanning or manual analysis to find weak or bad components?

A10 Invalid Redirects and Forwards: Can we use the system to redirect or forward the user to a phishing site or malicious URL?