Application Testing

Application testing services include web application, web service, client-server and legacy applications. We prefer to take a white box approach, testing with knowledge of the target application including functional specifications and source code where possible; and carry out testing from user perspectives as well as in the guise of an external attacker. This results in a review of the security-enforcing elements of code as well as a more conventional security assessment.

Context works constantly to identify possible enhancements to our industry-leading services and to share our knowledge with clients. To that end we have made our Context App Tool (CAT), a core application testing tool developed to meet the needs of more complex systems, available as a free download from our website. CAT was designed for more in-depth testing of individual applications and has a richer feature-set than other commercial or open source testing tools.

We use a mixture of manual and tool-based testing with a proprietary methodology, encompassing:

  • Authentication Analysis and Authorisation Analysis
  • Session Management Analysis
  • Encryption Analysis
  • Application Information Leakage Analysis
  • Input Validation and Data Sanitisation Analysis
  • Application Logic Analysis
  • Source code audits (where appropriate)

© Copyright 2013 Context Information Security