Web Application Security and Penetration Testing
A web application security assessment consists of black box testing followed by gray box testing. In black box testing, no information except the target IP / URL is provided to the penetration testers. In gray box testing, valid test credentials are used to log in to the application(s) and carry out the assessment by imitating the behavior of a malicious application user.
Runtime Vulnerability Assessment is an integral part of the process. It aims to detect security vulnerabilities in the application through detailed examination of the application in a runtime environment.
The overall application security testing draws on several industry best practices, including but not limited to OWASP Top 10, CIS Benchmarks and Best Practices.