Web Service Security Test
Identify vulnerabilities in a web service and its resilience to cyber attacks.
Improsec delivers an independent security test of a web service, such as a backend for mobile applications or an API for business service integration. Our in-depth technical tests will uncover vulnerabilities in the solution, assess their impact and provide detailed recommendations on remediation.
Value
Identify vulnerabilities in a web service and its resilience to cyber attacks
Determine if the web service is developed in accordance with best practices
Recommendations on how to strengthen the level of security and how to harden the web service
Product
The deliverable of the analysis is a written report containing the following:
A non-technical section with an Executive Summary for management and decision makers
A technical section including detailed observations and tangible recommendations to improve the security level and hardening of the web service
Method
Our methodology is based on our extensive experience in security testing of web services and is further supported by the OWASP framework and NIST guidelines for security testing. The methodology is made specifically for web service testing and covers areas such as:
Information Exposure
Configuration and Deployment Management
Identity Management
Authentication Mechanisms
Authorization Mechanisms
Session Management
Input Validation
Error Handling
Cryptography
Business Logic
Client-Side Attack Vectors
The test is performed as a combination of creative manual test actions and automated scans.
Involvement
The delivery requires minimal involvement of your technical staff.