• To address OWASP Top 10 Vulnerability:

1. Injection
2. Broken Authentication and Session Management (XSS)
3. Cross Site Scripting (XSS)
4. Insecure Direct Object References
5. Security Misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross Site Request Forgery (CSRF)
9. Using Components with Known Vulnerabilities
10. Unvalidated Redirects and Forwards

Penetration Test 

• To identify:

1. Common Holes in Web
2. Bad Password
3. Directory Traversal
4. Old Directory/Folder
5. SQL/MySQL injection
6. Blind SQL/ MySQL injection – Cross site scripting
7. Cross site forgery
8. Bad Configuration
9. CGI-BIN Exploit & etc.

• To identify:

1. Network Mis-configuration
2. Open Port In Client Network – Unknown Port
3. Weird Connections
4. Firewall Configurations & etc.