Blue Goat Cyber

Web Application Horizontal and Vertical Privilege Escalation in Penetration Testing

Tags: penetration testing, privilege escalation

In a Web Application Penetration Test we start with "user"-level knowledge of, and access to, the system (a gray-box test). The test targets applications that support multiple users and roles: we exercise the application as an authenticated user to confirm that one user cannot read another user's data or escalate their own privileges. Whether the target is a standard web application or a custom-built one, we log on as that user and then attempt each of the following escalations:

  • Horizontal Privilege Escalation – where an authenticated user can access another user's data at the same privilege level. An example is a bank application in which the authenticated user's account number appears in a URL. If I can change the account number in the URL to another account number and view another customer's banking information, I've just performed a horizontal privilege escalation.
  • Vertical Privilege Escalation – where an authenticated user can escalate privileges to an administrator-level account. An example is a web application that, after successful authentication, returns a hidden form field whose value is the username. What would happen if we changed that value from 'username' to 'root' or 'administrator' and passed it back to the web application server?
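Both escalations come down to the server deciding authorisation from a value the client controls. As an added example (not code from the Blue Goat Cyber post), the following framework-free Python models each flaw beside its fix; the session store, account table, `Request` type and the `account`/`user` parameter names are assumptions for illustration.

```python
from dataclasses import dataclass
# Constructed sample data standing in for a server-side session store and DB.
SESSIONS = {"sess-alice": {"user": "alice", "role": "user"},
            "sess-carol": {"user": "carol", "role": "admin"}}
ACCOUNTS = {"1001": {"owner": "alice", "balance": 120.0},
            "2002": {"owner": "bob", "balance": 980.0}}
@dataclass
class Request:
    session_id: str   # cookie issued at login; identifies the server-side session
    params: dict      # URL query / form fields, fully under the client's control

def session_for(req):
    sess = SESSIONS.get(req.session_id)
    if sess is None:
        raise PermissionError("not authenticated")
    return sess

# Horizontal: the account number is taken straight from the URL.
def view_account_vulnerable(req):
    session_for(req)                        # authenticated, but ownership is
    return ACCOUNTS[req.params["account"]]  # never checked (an IDOR)

def view_account_fixed(req):
    user = session_for(req)["user"]
    acct = ACCOUNTS.get(req.params.get("account"))
    # Authorisation is decided against the server-side session, not the URL.
    if acct is None or acct["owner"] != user:
        raise PermissionError("account not owned by caller")
    return acct

# Vertical: the username comes back in a hidden field and is trusted as-is.
def admin_panel_vulnerable(req):
    session_for(req)
    if req.params.get("user") not in ("root", "administrator"):
        raise PermissionError("admin only")
    return "admin panel"

def admin_panel_fixed(req):
    # Role is read only from the session created at login; the hidden field is ignored.
    if session_for(req)["role"] != "admin":
        raise PermissionError("admin only")
    return "admin panel"

def allowed(handler, req):
    """True if the handler serves the request, False if it refuses it."""
    try:
        handler(req)
        return True
    except (PermissionError, KeyError):
        return False
```

In a real application the fixed handlers correspond to "object-level" and "function-level" authorisation checks, both of which belong on the server side of every request.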