EWA-Canada's methodology for application security testing is based upon the Open Web Application Security Project's (OWASP) standards for designing secure applications, as well as its standards for testing and penetrating application security. Unlike network and system testing, where the work primarily involves testing to identify known vulnerabilities in specific technologies, the custom nature of most applications significantly reduces the effectiveness of automated tools. As a result, our methodology for performing application vulnerability assessment (VA) activities relies more on the skill of our application security experts than on specific application testing tools.
While EWA-Canada has performed uninformed “black-box” application security testing, our preference is to work with our clients to conduct informed testing, in which our tester normally has access to the application’s designers and documentation. We have found that this approach provides the most cost-effective and thorough method of assessing an application’s operational security.
EWA-Canada has extensive experience assessing multi-tiered applications implemented using a variety of frameworks and technologies, and our web application security testing methodology can identify over 40 types of potential application vulnerabilities in the following 12 different categories:
Please Contact Us for further information.