Web Application Vulnerability Assessments (WAVA)
A web application vulnerability assessment (WAVA) is the spidering of a website in order to identify potential test points within a web application. A WAVA includes a web application vulnerability scan (WAVS), with the added benefit of additional analysis by the assessor who performs the tests, both to identify false positives and to prove that a vulnerability, or multiple vulnerabilities, exist.
Unlike a WAPT, the ultimate goal of a WAVA is not to penetrate the application, but to report on the vulnerabilities found. With a WAVA, vulnerabilities are investigated, documented, and reported according to the potential damage (risk rating) that they may cause should they be exploited.
Benefits of a Web Application Vulnerability Assessment
A WAVA provides an in-depth evaluation of your application security posture. It helps you identify weaknesses while also providing you with the appropriate mitigation procedures required to either eliminate weaknesses within your web application(s) or mitigate the level of risk as much as possible.
- Enumerate and identify application vulnerabilities
- Identify misconfigurations, false positives, and unpatched applications
- Determine remediation recommendations and enhance security
- Includes a web application vulnerability scan (WAVS)
- Recurring, annual, or project-based
The MainNerve WAVA Process
MainNerve’s web application vulnerability assessment services utilize a blend of automated scans through the use of open source and commercial tools. We approach the WAVA process in this fashion with the overarching goal of providing a truly comprehensive assessment of your web application(s).
Each scan is followed by a verification and analysis of the application by a highly-skilled MainNerve security engineer. We include a web application vulnerability scan (WAVS) in all of our web application vulnerability assessments, with additional analysis by the assessor in order to identify and/or verify false positives.
MainNerve performs each and every WAVA based on the methods detailed in the Open Web Application Security Project (OWASP) Testing Guide for Web Application Security Assessments. We examine any identified vulnerabilities to determine whether they can be exploited by an attacker to compromise targeted applications or used to gain access to sensitive information. Our methodology includes specific assessment and scanning phases with continual reporting throughout the WAVA process.
At MainNerve, we take great pride in the Reporting/Delivery phase of our WAVA process. In fact, we consider it to be the most important phase of the process. We take great care to ensure we effectively communicate the value of our service and findings as thoroughly as possible. Our main goal is to ensure that all information is clearly understood and that all discovered vulnerabilities, and their associated risk, have been clearly defined. A MainNerve WAVA Final Report includes:
- Executive Summary
- Statement of Scope
- Statement of Methodology
- Discovery and Results
- Remediation Recommendations
- Risk Rating