Ethical Hacking
Web Application Testing
Our Approach
We have developed our own standardized methodology for
carrying out Ethical Hacking vulnerability assessments for
web applications.
Our methodology is based on industry standards, such as the
OWASP Testing Guide (OWASP Top 10) and ISSAF, along
with our own checklists, many years of experience, client
requirement documents, our own best practices and other
well-known references in publicly available resources, such
as forums, technology bulletins, bug navigators and vendor
knowledge bases, hacker communities, the internet, etc.
The first step is to determine the scope of your testing
requirement. Depending on your preference we can perform
an interview or share our questionnaire with you. Based on
the answers, we may issue an Ethical Hacking agreement
together with a Statement of Work which describes the scope,
deliverables, prerequisites and associated pricing.
After approval from you, we start the Ethical Hacking
vulnerability assessment. During the vulnerability assessment,
you will be notified via a status update report about the
progress. After the actual testing has been performed, we will
issue a preliminary report. Within 10 days, we will present all
identified vulnerabilities in a final report. Once we have issued
the final report to you, you have 10 days to review and
request any changes. Any requested changes will be
discussed. Upon agreement, the final report will be updated
and re-issued. If no changes are requested during this
timeframe, the report shall be considered final and the project
completed.
Vulnerability Assessment
During the application testing, our EHCoE consultants will
examine the security controls being provided by the web
application.
Some of the aspects covered, and their objectives, as part of
this type of vulnerability assessment include:
Before we start the actual testing, your technical team will
be consulted to ensure testing can continue without impacting
operations. Both commercial tools and EHCoE internally
developed tools and scripts are used during the testing. After
scanning for the vulnerabilities, a manual verification of
identified vulnerabilities will be performed to eliminate false
positives.
Why BT
Put your Ethical Hacking need into expert hands. We are one
of the world's leading and most trusted security brands,
derived from a set of credentials that have been earned over
decades of experience in the field:
The results
During the testing, we will immediately report any critical
and/or high-risk vulnerabilities identified via a status update
report. When the testing has been completed, you will receive
a formal report that will contain:
BT Assure
Offices worldwide
The services described in this publication are subject to availability
and may be modified from time to time. Services and equipment are
provided subject to British Telecommunication plc's respective
standard conditions of contract. Nothing in this publication forms any
part of any contract.
British Telecommunication plc 2014
Registered office: 81 Newgate Street, London EC1A 7AJ
Registered in England No: 1800000
bt.com/btassure/ethical-hacking