Manual Application Vulnerability Assessment (MAVA)
The manual application vulnerability assessment is an in-house, dynamic, grey-box, application-level manual security testing service. Testing is done in a pre-production environment (usually staging) using authentication credentials for test companies provisioned by the development teams.
The service is designed to identify application-level weaknesses and vulnerabilities, most of which are covered in the OWASP Top 10. Some of the findings may be infrastructure related, such as TLS configuration, web server errors, and exposure of sensitive files. Most findings are discovered during authenticated testing. Usually several sets of credentials on at least a couple of different tenants are required for a test to uncover missing function-level access control and cross-tenant isolation flaws.
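The following added example (not part of the MAVA service's own tooling) shows why several credential sets across tenants are needed: it classifies recorded staging responses against an expected policy and reports which flaw classes a given set of test accounts can exercise at all. The account names, endpoint paths, two-level role model and status codes are constructed assumptions.

```python
from dataclasses import dataclass

ROLE_RANK = {"user": 1, "admin": 2}  # assumed role model for the example

@dataclass(frozen=True)
class Account:
    name: str
    tenant: str
    role: str

@dataclass(frozen=True)
class Endpoint:
    path: str
    tenant: str    # tenant that owns the resource
    min_role: str  # lowest role permitted to call it

def classify(account, endpoint, status):
    """Label one observed response, or return None if it matches policy."""
    if not 200 <= status < 300:
        return None  # request was refused, nothing to report
    if account.tenant != endpoint.tenant:
        return "cross-tenant isolation flaw"
    if ROLE_RANK[account.role] < ROLE_RANK[endpoint.min_role]:
        return "missing function level access control"
    return None

def review(observations):
    """Return (account, path, finding) for every response that violates policy."""
    return [(a.name, e.path, label) for a, e, s in observations
            if (label := classify(a, e, s))]

def exercisable_checks(accounts):
    """Flaw classes that a given set of test credentials can exercise at all."""
    tenants = {a.tenant for a in accounts}
    checks = {"cross-tenant isolation flaw"} if len(tenants) >= 2 else set()
    for t in tenants:
        if len({a.role for a in accounts if a.tenant == t}) >= 2:
            checks.add("missing function level access control")
    return checks

# Constructed sample data: accounts, endpoints and recorded status codes.
ALICE = Account("alice", "tenant-a", "admin")
BOB = Account("bob", "tenant-a", "user")
CAROL = Account("carol", "tenant-b", "admin")
USERS_A = Endpoint("/api/tenant-a/users", "tenant-a", "admin")
REPORTS_A = Endpoint("/api/tenant-a/reports", "tenant-a", "user")
OBSERVATIONS = [
    (ALICE, USERS_A, 200), (BOB, USERS_A, 200), (CAROL, USERS_A, 403),
    (ALICE, REPORTS_A, 200), (BOB, REPORTS_A, 200), (CAROL, REPORTS_A, 200),
]
```

Calling `review(OBSERVATIONS)` flags bob's access to the admin-only endpoint and carol's access to another tenant's reports, while `exercisable_checks([ALICE])` is empty because a single account cannot exercise either check.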
For each web application, we perform our baseline security tests as a minimum, and technology-specific tests on top of that depending on the situation.