Test activities are performed using a comprehensive methodology that covers known and relevant attack vectors. Our methodology is based on various (open) standards, including the Penetration Testing Execution Standard (PTES), and incorporates the following lists of common risks compiled by OWASP:

Top 10 Web Application Security Risks
- A01:2021 - Broken Access Control
- A02:2021 - Cryptographic Failures
- A03:2021 - Injection
- A04:2021 - Insecure Design
- A05:2021 - Security Misconfiguration
- A06:2021 - Vulnerable and Outdated Components
- A07:2021 - Identification and Authentication Failures
- A08:2021 - Software and Data Integrity Failures
- A09:2021 - Security Logging and Monitoring Failures
- A10:2021 - Server-Side Request Forgery

Top 10 API Security Risks
- API1:2019 - Broken Object Level Authorization
- API2:2019 - Broken User Authentication
- API3:2019 - Excessive Data Exposure
- API4:2019 - Lack of Resources & Rate Limiting
- API5:2019 - Broken Function Level Authorization
- API6:2019 - Mass Assignment
- API7:2019 - Security Misconfiguration
- API8:2019 - Injection
- API9:2019 - Improper Assets Management
- API10:2019 - Insufficient Logging & Monitoring