Application testing is one part of penetration testing. It matters because it lets you test the applications used on your network and throughout your company. It covers the testing of web and standard apps, the search for vulnerabilities, and even some code review.
Application code review
Application code review is the process of auditing an application's source code to verify that the proper security controls are present, that they work as intended, and that they are invoked in all the right places. It is a way of ensuring that an application is developed to be "self-defending". For example, reviewing the code could reveal embedded credentials. The remedial action would then be to remove the embedded credentials from the application. Embedded credentials are bad practice from a security perspective because if a bad actor gains access to the application, the credentials can be viewed and taken advantage of.
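One way a reviewer might automate the embedded-credentials check described above, as an added example that is not code from the original page. The sample source, the list of secret-like names, and the function names are constructed for illustration; the patterns are heuristics and only cover literal assignments and credentials inside URLs.

```python
import re

# Constructed sample source file (not from any real application).
SAMPLE_SOURCE = '''\
import os
DB_USER = "svc_reports"
DB_PASSWORD = "S3cr3t-Pa55!"
api_key = os.environ["API_KEY"]
password = ""  # filled in at login
conn = connect("postgres://admin:hunter2@db.internal/app")
token = get_token(user)
SECRET_KEY = "changeme"
'''

# Variable names that usually hold a secret (assumed list; extend per code base).
SECRET_NAME = re.compile(r"password|passwd|pwd|secret|api_?key|token", re.IGNORECASE)
# name = "literal" or name: "literal", with a non-empty string literal.
ASSIGN_LITERAL = re.compile(r"""^\s*(?P<name>\w+)\s*[:=]\s*(?P<q>["'])(?P<value>[^"']+)(?P=q)""")
# Credentials embedded in a URL: scheme://user:password@host
URL_CREDS = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@\"']+:(?P<value>[^\s@\"']+)@")


def redact(line, match):
    """Replace the secret value so the review report does not leak it again."""
    start, end = match.span("value")
    return (line[:start] + "<redacted>" + line[end:]).strip()


def find_embedded_credentials(source):
    """Return (line_number, kind, redacted_line) for each suspected embedded credential."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = ASSIGN_LITERAL.match(line)
        if m and SECRET_NAME.search(m.group("name")):
            findings.append((lineno, "literal-assignment", redact(line, m)))
            continue
        m = URL_CREDS.search(line)
        if m:
            findings.append((lineno, "url-credentials", redact(line, m)))
    return findings


if __name__ == "__main__":
    for lineno, kind, text in find_embedded_credentials(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}: {text}")
```

Values read at runtime (the `os.environ` lookup and the `get_token` call in the sample) are not flagged, which is the shape the code should have after the embedded credentials are removed.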
Web application testing
This type of testing is used to identify exploitable vulnerabilities in applications before hackers are able to discover and exploit them. It reveals real-world opportunities for hackers to compromise applications in ways that allow unauthorized access to sensitive data, or even to take over systems for malicious purposes.