Bonsai Information Security - Services

Web Application Penetration Testing

Bonsai’s Web Application Penetration Testing service allows you to discover the risks posed by vulnerabilities in your organization’s Web Applications. Our service provides a thorough identification of all vulnerabilities, their actual risk level and detailed recommendations to remediate them.

Bonsai’s Web Application Penetration Testing Methodology

Our methodology is built around a manual testing process that identifies all types of vulnerabilities and logical flaws that are not typically detected during automated web application scanning. Our methodology goes well beyond looking for the OWASP Top Ten issues:

  1. Information Gathering: we fingerprint the Web server, programming framework, Web Application Firewall, and create a complete Web Application site map.
  2. Assessment: using the knowledge gained in the previous phase, we send specially crafted HTTP requests to the target Web Application in order to identify vulnerabilities.
  3. Exploitation: all vulnerabilities are exploited using cutting-edge techniques. The aim of this phase is to demonstrate the real risk associated with each vulnerability.

Common Web application vulnerabilities identified during the Web Application Penetration Test include:

  1. SQL Injection
  2. Cross-Site Scripting (XSS)
  3. Authentication Bypass
  4. Application Logic Flaws
  5. Local File Inclusion
  6. Code Execution


Our deliverables include the following:

  1. Technical report
  2. Executive summary
  3. Strategic recommendations

Did you know that 70% of vulnerabilities affect Web Applications?

Get a Quotation and start the process of securing your Web Applications.