Test Your Defenses Before Someone Else Does

Application Penetration Testing

At Filament Information Security, we focus on uncovering vulnerabilities in the applications your staff, students, or community rely on every day.

Our application penetration testing evaluates both custom-built and off-the-shelf web and mobile applications to identify flaws that could expose sensitive data or disrupt operations.

Why Filament?

  • Nonprofit Costing: Get expert support at a lower cost from a fellow nonprofit.
  • Flexible Engagements: Schedules that fit your needs and timelines.
  • Experienced Professionals: Benefit from our team’s years of experience and industry certifications.

Our Application Penetration Testing Process

Our process blends automated scanning with manual testing techniques to uncover issues missed by scanners alone.

  1. Pre-Engagement & Scoping
    Define application scope, testing rules, and data sensitivity.
  2. Reconnaissance
    Map application architecture and identify inputs, parameters, and endpoints.
  3. Threat Modeling & Vulnerability Analysis
    Test for flaws like broken authentication, injection attacks, and misconfigurations.
  4. Exploitation
    Safely exploit vulnerabilities to demonstrate risk and potential data exposure.
  5. Post-Exploitation
    Evaluate how far an attacker could move within the application (account takeover, data exfiltration, etc.).
  6. Reporting & Debrief
    Deliver actionable reports with executive summaries, technical findings, proof-of-concepts, and remediation guidance.

Application Vulnerabilities We Test For

  • Injection Attacks
    SQL, command, and XML injections.
  • Broken Authentication & Access Control
    Weak login, privilege escalation, session management flaws.
  • Cross-Site Scripting (XSS)
    Persistent, reflected, and DOM-based injection flaws.
  • Insecure Configurations
    Default credentials, unpatched components, unnecessary services.
  • Data Exposure
    Improper handling of sensitive data such as PII, PHI, or payment details.

Meet the Team

Art Provost

Art, with 30 years of experience in Information Security across diverse roles, joined Filament in 2011 and holds multiple certifications, including CISSP, GSEC, GPEN, GWAPT, and CISM.

Tyler Malcom

Tyler, who joined Filament in 2022, has a strong background in cyber defense and offensive operations from his time in the US Navy and holds CISSP and GSEC certifications.

Keri Kunkle

Keri, who joined Filament in 2023, is a seasoned cybersecurity professional with experience in the US Marine Corps and Department of Defense, holding multiple certifications and advanced degrees in cybersecurity.

Expert Help is On the Way

Schedule a Free Discovery Call

Explore your organization’s future with a quick conversation with Filament Information Security services.

Contact us today to learn more about how we can help you achieve your security goals.