Our Methodology

Certbar follows OSSTMM and OWASP, along with our own weird testing methodology, when performing VAPT services. Each service has its own R&D team and strategic approach.
We upgrade our methodology every six months.

Web App Security Testing

Certbar undertakes Web Application Security Testing (WAST) with a manual approach, using our unique and well-researched methodology, including but not limited to OWASP Top 10, OSSTMM guidelines, and SANS Top 25, helping protect our clients' vital IT assets. We are highly focused on business logic vulnerabilities that are missed by automated scanners. Our team holds timely internal discussions on weird testing techniques, which results in finding more vulnerabilities.

Our Approach to Dynamic Analysis

‘Black-Box’: Unauthenticated assessment where minimum details are shared with the tester before the assessment takes place.
‘Gray-Box’: Authenticated assessment where maximum details are shared to ensure the highest-quality results; it includes the ‘Black-Box’ assessment as well.

Our Approach & Methodology

In this era of technology, where dynamic application analysis is used on a wide scale, we ensure our clients stay ahead of emerging threats. We adapt and integrate more into our methodology from current security standards such as ASVS by OWASP, SANS Top 25, MITRE ATT&CK, NVD, OWASP Top 10, NIST, and OSSTMM.

 