Security specialists

ThreatLabs specializes in security assessments that provide valuable insight into vulnerabilities and weaknesses, as well as actionable advice to improve the security posture of IT assets and environments.

Application pentest

A penetration test for web applications and/or APIs is primarily focused on the application layer. Because insight into potential vulnerabilities and weaknesses in breadth (rather than depth) is often desired, it is effectively a vulnerability assessment.

Test activities are performed using a comprehensive methodology that covers known and relevant attack vectors. Our methodology is based on various (open) standards, including the Penetration Testing Execution Standard (PTES), and includes the following lists of common risks compiled by OWASP:

Top 10 Web Application Security Risks

  • A01:2025 - Broken Access Control
  • A02:2025 - Security Misconfiguration
  • A03:2025 - Software Supply Chain Failures
  • A04:2025 - Cryptographic Failures
  • A05:2025 - Injection
  • A06:2025 - Insecure Design
  • A07:2025 - Authentication Failures
  • A08:2025 - Software or Data Integrity Failures
  • A09:2025 - Security Logging and Alerting Failures
  • A10:2025 - Mishandling of Exceptional Conditions

Top 10 API Security Risks

  • API1:2019 - Broken Object Level Authorization
  • API2:2019 - Broken User Authentication
  • API3:2019 - Excessive Data Exposure
  • API4:2019 - Lack of Resources & Rate Limiting
  • API5:2019 - Broken Function Level Authorization
  • API6:2019 - Mass Assignment
  • API7:2019 - Security Misconfiguration
  • API8:2019 - Injection
  • API9:2019 - Improper Assets Management
  • API10:2019 - Insufficient Logging & Monitoring