[FS-WAPT] Web Application Penetration Testing



A penetration test is a method of evaluating the security of a computer system or network by simulating an attack. A Web Application Penetration Test (WAPT) focuses on evaluating the security of a web application in depth. The process involves an active analysis of the application for any weaknesses, technical flaws and vulnerabilities. Any security issues that are found are presented to the system owner together with an assessment of their impact and, in most cases, a proposal for mitigation or a technical solution.

Our method is based on the black-box approach, which simulates an outside attacker: the tester knows nothing, or very little, about the application to be tested. The test is divided into 2 main phases:

Passive mode: in the passive mode, the tester tries to understand the application's logic and explores the application, often using information-gathering tools. At the end of this phase, the tester should know all the access points (gates) of the application (e.g., HTTP headers, parameters and cookies).

Active mode: in this phase, the tester begins the actual attack session, following the OWASP testing methodology with both manual and automated tests.

Active tests are split into the 11 sub-categories listed below, for a total of more than 66 security controls:


  • Information Gathering
  • Configuration and Deployment Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing
  • Input Validation Testing
  • Testing for Error Handling
  • Testing for Weak Cryptography
  • Business Logic Testing
  • Client Side Testing
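As an added illustration of the two phases above (not Fulgur Security's own tooling), the script below maps the access points of an application from a single captured HTTP response, as a tester does in passive mode: forms and their input names, links and their query parameters, and cookies. It then applies two of the active checks from the categories above to the same capture: version disclosure in response headers (Information Gathering) and missing Secure/HttpOnly/SameSite attributes on cookies (Session Management Testing). The response, the host example.test and the cookie names are constructed for the demo so it runs offline.

```python
"""Map a web application's entry points from a captured HTTP response.

Added example for the passive/active phases described on this page; it is
not Fulgur Security's tooling. The response below is constructed for the
demo (hypothetical host example.test) so the script runs without a target.
"""
import json
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

# Constructed sample: response headers and HTML body as a tester would
# capture them through an intercepting proxy. Nothing here is a real target.
RAW_HEADERS = [
    "HTTP/1.1 200 OK",
    "Server: Apache/2.4.41 (Ubuntu)",
    "X-Powered-By: PHP/7.4.3",
    "Set-Cookie: PHPSESSID=abc123; Path=/",
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Content-Type: text/html; charset=utf-8",
]
HTML_BODY = """
<html><body>
<form action="/login" method="post">
  <input name="username"><input name="password" type="password">
  <input type="hidden" name="csrf" value="x">
</form>
<a href="/search?q=test&page=1">Search</a>
<a href="https://example.test/item?id=42">Item</a>
<form action="/upload" method="post" enctype="multipart/form-data">
  <input type="file" name="avatar">
</form>
</body></html>
"""


class EntryPointParser(HTMLParser):
    """Collects forms (with their input names) and link query parameters."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.forms = []
        self.links = {}  # path -> set of query parameter names
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {
                "action": urljoin(self.base_url, a.get("action", "")),
                "method": (a.get("method") or "get").upper(),
                "inputs": [],
            }
            self.forms.append(self._form)
        elif tag in ("input", "textarea", "select") and self._form is not None:
            if a.get("name"):
                self._form["inputs"].append((a["name"], a.get("type") or "text"))
        elif tag == "a" and a.get("href"):
            parsed = urlparse(urljoin(self.base_url, a["href"]))
            params = parse_qs(parsed.query, keep_blank_values=True)
            self.links.setdefault(parsed.path, set()).update(params)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def parse_cookies(headers):
    """Session Management check: which hardening attributes each cookie lacks."""
    cookies = []
    for line in headers:
        name, _, value = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [f for f in ("secure", "httponly", "samesite") if f not in attrs]
        cookies.append({"name": cookie_name, "missing": missing})
    return cookies


def disclosure_headers(headers):
    """Information Gathering check: headers revealing server/framework versions."""
    found = {}
    for line in headers:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("server", "x-powered-by", "x-aspnet-version"):
            found[name.strip()] = value.strip()
    return found


def map_entry_points(raw_headers, html_body, base_url="https://example.test/"):
    """Return the access-point map plus the two header-level findings."""
    parser = EntryPointParser(base_url)
    parser.feed(html_body)
    return {
        "forms": parser.forms,
        "links": {path: sorted(params) for path, params in parser.links.items()},
        "cookies": parse_cookies(raw_headers),
        "disclosure": disclosure_headers(raw_headers),
    }


if __name__ == "__main__":
    print(json.dumps(map_entry_points(RAW_HEADERS, HTML_BODY), indent=2))
```

Each form input, query parameter and cookie in the resulting map is a candidate for the input-validation and session tests of the active phase; on a real engagement the same parser would be fed every response collected by the proxy, not a single page.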



The strength of a valuable and effective Web Application Penetration Test (WAPT) lies in the Ethical Hacking and manual skills of the tester, in years of experience and in an analytical attitude combined with coding and exploitation skills - all of these are Fulgur Security's strengths.

A WAPT is not just an automated task: security tools are useful, but they are not the only thing to rely upon and, in practice, they are not the solution to the problem on their own.

Our Web Application Penetration Testing is a more in-depth process that uses our Ethical Hacking skills, tools and 0day exploits to evaluate the target in scope. This process is the only one that can uncover vulnerabilities in web applications that are difficult or impossible to detect with automated application vulnerability scanning software alone.

The biggest difference between us and other providers is that we bring our multi-year, proven Ethical Hacking experience and professionalism (matured in hacking, academic and professional circles) to perform our high-value Web Application Penetration Testing.



We use our manual pentesting skills and a patient, well thought-out and methodical approach. We also use our own private WAPT products (developed after years of penetration testing activities), our FS-PT Labs, and the best WAPT scanning tools/suites (open source and commercial), for example:




We strictly follow both the OWASP and Ethical Hacking methodologies, plus our own FULGUR SECURITY approach (born from many years of experience in the hacking/darknet world and therefore focused on understanding any cyber security threat in depth), to perform our WAPT.



As a result of our Web Application Penetration Testing we deliver a professional security report with an in-depth description of all issues found and their business/risk impact - we also propose security remediations and a remediation plan for all vulnerabilities found.



Please feel free to CONTACT US to get a quote.