Request a penetration test
Web software evaluation at this center is generally based on the OWASP and PTES
methodologies, but other guidelines and methodologies, such as the NIST
methodology, are also used to achieve better results in evaluation and reporting.
The software security test is performed against the OWASP ASVS version 4.0
standard at three security levels:
1. The software in question is checked against software security
vulnerabilities (including OWASP list vulnerabilities) that can be easily
discovered.
2. The software in question is checked for most of the risks faced by
software today. Level 2 ensures that the correct security mechanisms are
implemented and that they work effectively within the software.
3. The software in question is properly checked for advanced security
vulnerabilities and its security design principles. At this level, the modularized
software and the security responsibilities of each module are carefully and
completely reviewed. These responsibilities include monitoring for confidentiality,
integrity (validation), accessibility, authentication, non-repudiation, authorization
and inspection.
The process of obtaining a security certificate for the website is as follows:
1. Employer: sending a software review request online by filling in the website
information forms and access rules
2. APA Center: checking the website and announcing the cost and requirements
from the center
3. Employer: confirming the cost, contract and payment
4. APA Center: conducting the security test and providing a managerial and technical
report, along with solutions to eliminate the vulnerabilities
5. Employer: fixing the reported vulnerabilities, or requesting that they be fixed, or
consulting with the APA Center
6. APA Center: re-testing the security and presenting the web software security
certificate if the aforementioned