Web Application Penetration testing

Testing Methodologies & Reporting Standards

• OWASP Web Security Testing Guide (WSTG)
• NIST Technical Guide to Information Security Testing and Assessment
• PCI DSS: Penetration Testing Guidance
• FedRAMP Penetration Test Guidance
• ISACA’s How to Audit GDPR
• Common Vulnerabilities and Exposures (CVE) Compatible
• Common Weakness Enumeration (CWE) Compatible
• Common Vulnerability Scoring System (CVSSv3.1)

Covered Vulnerabilities

• CWE / SANS Top 25
• PCI DSS (6.5.1-6.5.10)
• OWASP Top 10