What is a Web Application Penetration Testing?

A penetration test is a method of evaluating the security of a computer system or network by simulating
an attack. A Web Application Penetration Test focuses only on evaluating the security of a web application The process involves an active analysis of the application for any weakness, technical flaws or vulnerabilities. Any security issues that are found will be presentd to the system owner together with an assessment of theor impact and often with a propsal for mitigation or a technical solution.

In a perfect world, we would all learn about preventing hack attacks before they happen. But sometimes the hack happens first and the lessons come second. This is the tale we are talking about today – based, in true Hollywood tradition, on a true story.

The lead in this story is a mid-sized organization – large enough that its website plays an important public role in operations but small enough that the few full-timers are very busy and there is no budget for any dedicated IT staff.