Penetration Testing

OWASP Web Application Pen Test

A penetration test (aka pen test) is a simulated cyber attack against Xano to check for exploitable vulnerabilities. Penetration testing involves attempting to breach the Xano system (e.g. APIs, frontend and backend servers, etc.) to uncover vulnerabilities, such as inputs that are susceptible to code injection attacks.

The results of a pen test are used to gain insight, adjust security policies, and patch the vulnerabilities that were found.

Penetration Test Life Cycle

1) Reconnaissance: Intelligence is gathered and test goals are defined.

2) Scanning & Exploration: Scanning tools are used to understand the system and network weaknesses, and how the target responds to intrusions.

3) Exploitation & Penetration: Web application attacks are staged to uncover a target's vulnerabilities, and attempt to escalate privileges.

4) Persistent Access: Advanced persistent threats (APTs) are imitated to see if a vulnerability can be used to maintain access.

5) Analysis & Configuration: Results are used to configure settings before testing is run again.
