Pucara Information Security also stands out due to its unique comprehensive assessment of web applications. We then operate under the standards set by the Open Web Application Security Project (OWASP) using the methodology proposed by their Testing Guide, examining all potential attacks’ vectors:

  • Information Gathering
  • Configuration and Deployment Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing
  • Input Validation Testing
  • Testing Error Handling
  • Testing for Weak Cryptography
  • Business Logic Testing
  • Client-Side Testing

It is important to mention that if the application is in a testing environment, all kinds of Denial-of-Service (DoS), data destruction or data modification tests will be performed in order to make a realistic assessment. If the application is in a production environment, those tests will not be performed unless they are agreed upon with the client.

Let’s Get in Touch

We’re Not a Vendor
We’re Your Offensive Cybersecurity Partner.