Xano Documentation

Penetration Testing

OWASP Web Application Pen Test
A penetration test, (aka Pen Test) is a simulated cyber attack against Xano to check for exploitable vulnerabilities. Penetration testing involved the attempted breaching of the Xano system (e.g. APIs, frontend & backend servers, etc.) to uncover vulnerabilities, such as inputs that are susceptible to code injection attacks.
The results of a pen test can be used to gain insight, adjust security policies, and patch realized vulnerabilities.
Penetration Test Life Cycle
1) Reconnaissance: Intelligence is gathered and test goals are defined.
2) Scanning & Exploration: Scanning tools are used to understand the system and network weaknesses, and how the target responds to intrusions.
3) Exploitation & Penetration: Web application attacks are staged to uncover a target's vulnerabilities, and attempt to escalate privileges.
4) Persistent Access: APIs are imitated to see if a vulnerability can be used to maintain access
5) Analysis & Configuration: Results are used to configure settings before testing is run again.