Testing the security of web applications is crucial. Huge amounts of business-critical data can be stored on web apps, so they are a top target for attackers. We have extensive experience in testing off-the-shelf and bespoke applications.

Security testing should be carried out throughout the Software Development Lifecycle to ensure the application is as robust as possible.

Our consultants will test the application against the OWASP Top Ten vulnerabilities, which include SQL Injection, Cross-site Scripting, and Unrestricted Access to certain files or directories. If we discover certain known vulnerabilities in a commercial application, the consultant will attempt to exploit the vulnerability, unless the vulnerability is known to cause Denial of Service issues. Once the application has been tested against the OWASP Top 10, we will check for lesser-known vulnerabilities which may still affect the application. In addition, we will test for logic and other errors that the OWASP Top 10 would not identify.

Staddon Web App testing


Typically, we will test with different levels of credentials, ideally with access to two or more accounts at each level (e.g. unauthenticated user, authenticated user and admin user).

Unauthenticated User

Our consultant will attempt to authenticate without credentials, or gain access to functionality that should only be available to authenticated users.

Authenticated User

With an authenticated account, our consultant will try to access or modify the details of other users, or gain access to other users' data that they should not be able to access.

Admin User

As an admin user, our consultant will perform application functionality mapping activities and user privilege escalation attacks.


For a detailed methodology or more information on Web Application Testing