Penetration Testing

Application Testing

Since 2017, Salus has advocated for integrating robust cybersecurity measures as standard business practice to secure modern organisations' interconnected environments and applications, reflecting its commitment to making good security synonymous with good business.

Security in today’s complex interconnected environments should be considered business as usual

We know that most modern organisations leverage applications to collaborate effectively, and many now also develop applications to offer functionality to their clients. Security in today’s complex interconnected environments should be considered business as usual. We believe (no surprise given the nature of our business) that good cyber security is good business practice. We’ve been pushing this since our founding in 2017, when the UK saw significant growth in cyber security at the board level.

Our application testing aims to break into your applications and identify security gaps, and to assess adherence to good practices, desired user behaviour, and abuse of application functionality. The outcome is confidence that your application has been “put through the wringer” and tested to the highest standards that the UK has available to measure competence. Salus’s experience in application security covers multiple disciplines to gain the correct depth of assurance in your application security strategy.

Application Testing Services

Android Application Testing

Android applications have a somewhat distinctive vulnerability posture, owing to the open nature of the operating system and the relatively widespread use of custom operating systems. This impacts the security of stored data and introduces significantly greater opportunities for an attacker to utilise application data for malicious gain.

To review this, our experienced consultants will utilise OWASP and wider security testing methodologies to evaluate the stored data, data in transit, and remote network service vulnerabilities affecting the security of your data, and your users’ data.

Web Application Penetration Testing

This testing is traditional application testing, where the principal concern is an unauthenticated or authenticated attacker gaining access to more data than desired, or in the worst instance, gaining a foothold on your internal system. The assessment will consist of a holistic test designed to evaluate all aspects of the web application, including authentication best practices and issues affecting specific versions of supporting libraries. In addition to issues affecting the application itself, our consultants have extensive experience in identifying data protection issues concerning legal requirements and organisation-specific security best practices. We use the best-practice Web Security Testing Guide as defined by OWASP, a globally recognised leader in maintaining and guiding organisations to more secure applications. As an organisation, Salus therefore aims to provide our clients with an assessment aligned to objectively controlled and reviewed testing standards.

Web Service / API Penetration Testing

APIs can be affected by almost entirely the same exploits and vulnerabilities as web applications. With the use of single-page apps and mobile applications, APIs are frequently the first element of your infrastructure a user will interact with. Despite this, APIs are consistently considered backend services and are often not included in standard penetration testing scopes for solutions.

Whilst the complexity of the logic that APIs implement is frequently less than that of a full webpage, the implementation of access controls and input validation is still a significant concern. Furthermore, how the data is used must also be considered: output data may be used in a vulnerable context, resulting in a vulnerability.

The Salus approach to API testing is a collaborative one, where, if possible, the API is tested within the context of the data being used, such that all vulnerabilities and secondary systems affected by an exploit can be evaluated.

Thick Client Penetration Testing

Have you ever wondered what security implications installing software onto one of your devices has? Our thick client tests will identify all the security issues and risks that installing and using this software poses to your security posture. Whether you’re installing something onto an enterprise server to support your organisation or on a user desktop environment, we can give you the assurance you need.

iOS Application Testing

iOS application security frequently relies on the ‘walled-garden’ approach to security, where the assumption that the underlying system is secure leads to the implementation of less-secure functionality.

By bypassing the underlying controls on the system, our consultants can review the security posture of the application as it truly is, allowing your organisation to review the potential risk given the possibility of a weakened operating system.

Our testing processes align to OWASP, which provides an excellent basis for testing of mobile applications and web applications alike, and ensures an objective, repeatable test that is updated by a global force of information security professionals.


Our Approach

Whatever you're protecting, we apply defence-grade cyber security skills whilst taking into consideration the realities of day-to-day business operations. We help our customers to address their known - and their unknown - cyber risks.
