Web Service and API Penetration Testing
Web Services can provide direct access for hackers to critical business data.
A Penetration Test hardens your API, and prevents its use
as an attack vector against your organisation.
A Web Service Penetration Test is an authorised hacking attempt aimed at identifying and exploiting vulnerabilities in the architecture and configuration of a web service. The purpose of this test is to demonstrate the ways attackers can compromise a web service and gain access to an organisation’s virtual assets.
Shearwater’s Web Service Penetration Testing Methodology
Shearwater: The Gold Standard in Penetration Testing
Comprehensive Reporting
Shearwater offers in-depth executive level reporting which serves as a risk minimisation tool for management, and a technical document – listing vulnerabilities prioritised according to risk level – for the internal security team. The report also provides access to mitigation strategies based on Shearwater’s key insights into the cyber-threat landscape.
Post Engagement Follow Up
Our post engagement follow-up is an additional benefit that allows clients to engage us with questions, or seek guidance on issues referred to in our report.
Testing Standards
The Open Web Application Security Project (OWASP)
The National Institute of Standards and Technology (NIST)
Source Security Testing Methodology Manual (OSSTMM)
Penetration Testing and Execution Standard (PTES)
Penetration Testing Framework
Australian Government Security Policies and Guidelines
Customer Centricity
We listen to our clients to understand their goals. Our team also alerts security staff – in real time – to critical vulnerabilities and threats discovered.