Application testing services include web application, web service, client-server and legacy applications. We prefer to take a white box approach, testing with knowledge of the target application including functional specifications and source code where possible; and carry out testing from user perspectives as well as in the guise of an external attacker. This results in a review of the security-enforcing elements of code as well as a more conventional security assessment.
Context works constantly to identify possible enhancements to our industry-leading services and to share our knowledge with clients. To that end we have made our Context App Tool (CAT), a core application testing tool developed to meet the needs of more complex systems, available as a free download from our website. CAT was designed for more in-depth testing of individual applications and has a richer feature-set than other commercial or open source testing tools.
We use a mixture of manual and tool-based testing with a proprietary methodology, encompassing:
- Authentication Analysis and Authorisation Analysis
- Session Management Analysis
- Encryption Analysis
- Application Information Leakage Analysis
- Input Validation and Data Sanitisation Analysis
- Application Logic Analysis
- Source code audits (where appropriate)