- Pre-review meeting
- Formal meeting
- Written review report
- Follow-up and possible re-inspection
- The more formal the review, the higher the payoff
Web Security Assessment
How does web security assessment improve security?
Web Application Security Testing Methodology
- Content Management Solutions
- ERP Solutions
- Monetised API Interfaces
- Cloud Integrations
- Azure Applications
- AWS Applications
- Google Applications
- Heroku Applications
- Serverless Applications
- Dependent Libraries Review
- Applications built on Web
- Hybrid Web Applications
Application Security Assessment
Methodology: Different software testing techniques are employed to unearth application security vulnerabilities, weaknesses and concerns related to Authentication, Authorization, Session Management, Input/Output Validation, Processing Errors, Information Leakage, Denial of Service, etc. Typical issues which may be discovered in an application security audit include cross-site scripting, broken ACLs/weak passwords, weak session management, buffer overflows, forceful browsing, CGI-BIN manipulation, form/hidden field manipulation, command injection, insecure use of cryptography, cookie poisoning, SQL injection, server misconfigurations, well-known platform vulnerabilities, errors triggering sensitive information leaks, etc. For web applications, the OWASP (Open Web Application Security Project) guidelines are used for the assessment. All assessments are carried out using both state-of-the-art tools and manual testing methods.
Penetration Testing (PT) is normally done remotely from the public domain (Internet) and can also be done from the internal network to find vulnerabilities that are exploitable from the internal network. No privileged access is required. A series of tests is conducted, such as information gathering from the public domain, port scanning, system fingerprinting, service probing, vulnerability scanning, manual testing, password cracking, etc., using state-of-the-art tools (commercial and open source) and techniques used by hackers, with the objective of unearthing vulnerabilities and weaknesses of the IT infrastructure.
A detailed report with discovered vulnerabilities, weaknesses and misconfigurations, with associated risk levels and recommended actions for risk mitigation, will be submitted. Additionally, a demonstration of penetration (if possible) as a Proof of Concept (only to prove possibility and not to cause real damage) may be given.
Methodology: This is a security audit; privileged access and administrator assistance are required for the configuration audit. It is done directly on the system with physical and logical access. System configuration checking and vulnerability scanning are performed to find weaknesses, vulnerabilities and misconfigurations in the target hosts.
A detailed report with discovered vulnerabilities, weaknesses and misconfigurations, with associated risk levels and recommended actions for risk mitigation, will be submitted.