LEAN SECURITY uses a comprehensive penetration testing methodology to assess the security of the web application and identify security risks. The methodology is based on OWASP and NIST recommendations. Various tools and techniques are used to discover vulnerabilities within the target web application. Each application is manually audited by an experienced penetration tester with the assistance of penetration testing tools such as Burp Suite. The audit attempts to identify not just common classes of security vulnerabilities, but also vulnerabilities specific to the application itself.

Also known as Source Code Analysis, Static Code Analysis is usually done as part of white-box testing or Code Review. It is performed at the implementation phase of the Security Development Lifecycle. Static Code Analysis usually refers to running SCA tools that try to highlight possible vulnerabilities in non-running (static) source code by using methods like Data Flow Analysis and Taint Analysis. Ideally, such tools would find security flaws with a high level of confidence that what is detected is really an error, but this is not the case for many forms of application security flaws. Such tools therefore often function as aids that help analysts locate the security-relevant parts of the code so that they can detect errors more effectively.


Our comprehensive approach to mobile application testing is to examine the entire technology stack, including network, server and client. This holistic approach is used so that vulnerabilities detected in one component can be used while testing the server. Before testing begins, we perform a full installation of the application and carry out a thorough walk-through of the available functions. We identify how the components work together and leverage that flow as the assessment proceeds.

Web Services Penetration Test

Typically, web services give users access to a standardized function that is called through an API by a range of applications, such as mobile apps or B2B services. It is often a set of functions given to users to help them achieve business goals.

It is a widely held belief that outsiders cannot see these features or interact with them directly, since they aren’t linked to the business or the function is not normally accessible through a web browser. However, increasingly ingenious underground hackers are targeting this flaw to manipulate businesses from the inside.

Cloud Security