A Penetration Test hardens your API, and prevents its use
What is a Web Service Penetration Test?
A Web Service Penetration Test is an authorised hacking attempt aimed at identifying and exploiting vulnerabilities in the architecture and configuration of a web service. The purpose of this test is to demonstrate the ways attackers can compromise a web service and gain access to an organisation’s virtual assets.
Benefits to your business
- Gain competitive advantage – Web Services such as APIs provide your applications with avenues for growth through integration with mainstream products. Good security measures are key in supporting such initiatives
- Protect data transmitted between users and web services from being intercepted by a malicious attacker
- Get independent verification of the security measures around your web service
- Reduce risks, legal costs and ramifications due to a data breach
- Get actionable recommendations that developers can follow during development, or when implementing upgrades
- Ensure compliance with PCI DSS and other security standards
- Verify alignment with OWASP and ensure that the most common exploitation mechanisms are addressed
- Provide management with a proof of exploit, which outlines the assets that an attack can compromise
Shearwater’s Web Service Penetration Testing Methodology
Shearwater: The Gold Standard in Penetration Testing
Here is how we raise the bar:
Comprehensive Reporting
Shearwater offers in-depth executive level reporting which serves as a risk minimisation tool for management, and a technical document – listing vulnerabilities prioritised according to risk level – for the internal security team. The report also provides access to mitigation strategies based on Shearwater’s key insights into the cyber-threat landscape.
Post Engagement Follow Up
Our post engagement follow-up is an additional benefit that allows clients to engage us with questions, or seek guidance on issues referred to in our report.
Testing Standards
The Open Web Application Security Project (OWASP)
The National Institute of Standards and Technology (NIST)
Source Security Testing Methodology Manual (OSSTMM)
Penetration Testing and Execution Standard (PTES)
Penetration Testing Framework
Australian Government Security Policies and Guidelines
Customer Centricity
We listen to our clients to understand their goals. Our team also alerts security staff – in real time – to critical vulnerabilities and threats discovered.
Our Certifications
