A good assessment covers:
HTML Injection and Cross-Site Scripting (XSS): Often misunderstood by security firms. Attacker-supplied data ends up parsed as markup or script, so the DOM structure changes and data and code mix in undesirable ways.
Cross-Site Request Forgery (CSRF): This attack forces the victim's browser to send a request, carrying the victim's session, without the victim's knowledge.
SQL Injection and Data Store Manipulation: SQLi is easier to defend against than HTMLi, but here the attacker alters the commands exchanged between the application and its database or other data store.
Authentication Schemes: An attacker can either use pilfered passwords or bypass the authentication check itself in interesting ways.
Design Deficiencies: Here obscure attacks such as TOCTOU and other race conditions, along with logic-flow vulnerabilities, proliferate; they are often overlooked by security firms.
Platform Weaknesses: Well-implemented applications are compromised through flaws in the platform and architecture they run on.
Browser and Privacy Attacks: Fingerprinting and other privacy misuse, and the ways a website can attack the browser itself.
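The SQLi and HTMLi items above make a claim worth seeing in code: SQL injection has a single, complete fix (bind values as parameters), while HTML injection has no single fix, because the right encoding depends on where in the DOM the data lands. The example below is added here to illustrate that contrast; it is not code from the original page or from Powertrain. The user table and the attacker inputs are constructed sample data, and the render and lookup helper names are assumptions chosen for the illustration.

```python
import html
import sqlite3
from urllib.parse import urlsplit


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory user table with one admin row."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "user"), ("bob", "user"), ("root", "admin")],
    )
    return con


def lookup_vulnerable(con: sqlite3.Connection, name: str) -> list:
    """String concatenation: the attacker's input becomes part of the command."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def lookup_parameterized(con: sqlite3.Connection, name: str) -> list:
    """Placeholder binding: the command is fixed, the input is only ever a value.

    This one change defends against SQLi regardless of what the input contains.
    """
    return con.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_comment_escaped(comment: str) -> str:
    """Text-node context: entity encoding is the complete defence here."""
    return "<p>" + html.escape(comment) + "</p>"


def render_link_escaped_only(url: str) -> str:
    """Attribute context, encoding only.

    html.escape rewrites & < > " ' and nothing else, so a javascript: URL
    passes through untouched and the browser will still execute it on click.
    """
    return '<a href="' + html.escape(url, quote=True) + '">profile</a>'


def render_link_validated(url: str) -> str:
    """Attribute context, context-aware defence: allow-list the URL scheme,
    then entity-encode for the attribute. Encoding alone was not enough."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    if scheme in ("http", "https"):
        safe = url
    elif scheme == "" and url.startswith("/") and not url.startswith("//"):
        safe = url  # site-relative path
    else:
        safe = "about:blank"  # javascript:, data:, vbscript:, protocol-relative, ...
    return '<a href="' + html.escape(safe, quote=True) + '">profile</a>'


if __name__ == "__main__":
    con = make_db()
    payload = "' OR '1'='1"
    print("vulnerable    :", lookup_vulnerable(con, payload))      # every row
    print("parameterized :", lookup_parameterized(con, payload))  # no rows
    print(render_comment_escaped("<script>alert(1)</script>"))
    print(render_link_escaped_only("javascript:alert(1)"))         # still live
    print(render_link_validated("javascript:alert(1)"))            # neutralised
```

The point of the example is the asymmetry: `lookup_parameterized` is safe for any input with no further thought, whereas `render_comment_escaped` and `render_link_validated` are two different defences for two different DOM contexts, and applying the first where the second is needed leaves the injection live. That is why HTML injection findings are so often misjudged.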
What you receive (sample report generated by Powertrain):
A detailed report that presents each security issue with an assessment of its impact and a proposed mitigation or technical solution. Severity is rated according to industry standards for scoring software security vulnerabilities, giving you a consistent basis for prioritizing remediation and resources according to the threat.
Contact us using the online chat to get started, or send us a message.