Web application penetration testing
Imaginea
1.
Information Security Group (ISG)
Web Application Penetration Testing
reachus@imaginea.com
© Copyright 2011. Pramati Technologies Private Limited. All trade names and trade marks are owned by their respective owners.
2.
Web Application Penetration Testing Overview
A Web Application Penetration Assessment looks at the application from the perspective of a malicious hacker and finds the holes before they can be exploited. We rely on a detailed and well-established manual testing methodology for accuracy and effectiveness. Open source and commercial tools are used to automate many routine security testing tasks.
3.
Penetration Testing Methodology
Step 1 • Information Gathering
Step 2 • Analysis and Planning
Step 3 • Vulnerability Identification
Step 4 • Exploitation
Step 5 • Risk Analysis and Remediation Suggestion
Step 6 • Reporting
4.
Information Gathering Template
Information Required | Data
Application Name (Eg: LeanTaas) |
What is the type of the application? (Static / Dynamic / Applets / Web Services) |
Provide application URL |
What are all the application user roles? (Eg: User, Administrator, Manager) |
Is the application used by multiple clients? (Yes/No) |
If Yes, provide credentials for at least two clients |
Provide at least two sets of credentials for each user role |
Specify scope of the test (Internal application functionality and URLs to be tested) |
Provide application User Manual / Help documents |
5.
Analysis and Planning
Analysis
• Verification of gathered template information
• Client communication for clarifications
• Understanding the application functionality
• Identification of critical application components and corresponding vulnerabilities to be tested
Planning
• Test modularization based on functionality or vulnerability focus areas
• Plan for automation testing phase
• Plan for exploitation phase
• Plan for risk analysis and reporting phases
• Time estimates for each of the phases
6.
Vulnerability Identification Focus Areas
Authentication:
• Authentication Bypass
• Poor Password Strength
• No Account Lockout
• No Logout functionality
Authorization:
• Privilege Escalation
• Forceful Browsing
Session Management:
• Session Fixation
• Improper Session Expiration
• Session time out too long
Input Validation:
• Cross Site Scripting
• Cross Site Request Forgery
• SQL Injection
• Buffer Overflow
• File Upload
• Code Injection
Cryptography:
• Weak SSL
• Weak Encryption Key
• Unencrypted Sensitive Data (Eg: Passwords, Cookies)
7.
Vulnerability Identification Focus Areas
Information Leakage:
• Error Messages
• HTML Comments
• Source Code Disclosure
• Cross Frame Spoofing
• Server Platform Info Leak
• Sensitive Data Revealed
System Configuration:
• Default Passwords
• Default Pages
• Default Error Messages Enabled
• Unpatched Software
• HTTP Methods Enabled
Note: This is not an exhaustive list of vulnerabilities. More vulnerabilities will be added to the list based on the technology, requirements and latest threats.
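Several of the focus areas on slides 6 and 7 (Session Management, Unencrypted Sensitive Data in cookies, Server Platform Info Leak, HTTP Methods Enabled) can be checked directly against a response captured in an HTTP proxy. The script below is an added example, not code from the deck or from Imaginea: it parses a constructed raw response head and maps what it finds onto the slide's focus areas. The session-cookie names, the eight-hour lifetime threshold and the set of methods treated as risky are assumptions a tester would tune per engagement.

```python
import re
from dataclasses import dataclass

# Constructed sample of a raw HTTP response head, as an intercepting proxy
# (Burp Suite, Paros, WebScarab) would capture it. Every value is made up.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.3 (CentOS)\r\n"
    "X-Powered-By: PHP/5.1.6\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; Max-Age=604800\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly\r\n"
    "Allow: GET, POST, PUT, DELETE, TRACE, OPTIONS\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Assumptions a tester would tune per engagement, not values from the deck.
MAX_SESSION_LIFETIME = 8 * 3600          # flag session cookies that outlive a working day
SESSION_COOKIE_NAMES = {"jsessionid", "phpsessid", "asp.net_sessionid", "sessionid"}
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}


@dataclass
class Finding:
    area: str      # focus area heading from the slides
    name: str      # vulnerability name from the slides (or a close description)
    evidence: str  # header content that triggered the finding


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw response head into lower-cased (name, value) pairs, keeping repeats."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:          # [1:] drops the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def cookie_attributes(value: str) -> tuple[str, dict[str, str]]:
    """Return (cookie name, {lower-cased attribute: value}) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(raw: str) -> list[Finding]:
    """Map observable header weaknesses onto the deck's focus areas."""
    findings: list[Finding] = []
    for name, value in parse_headers(raw):
        if name in ("server", "x-powered-by") and re.search(r"\d+\.\d+", value):
            findings.append(Finding("Information Leakage", "Server Platform Info Leak", f"{name}: {value}"))
        elif name == "allow":
            enabled = {m.strip().upper() for m in value.split(",")}
            risky = sorted(enabled & RISKY_METHODS)
            if risky:
                findings.append(Finding("System Configuration", "HTTP Methods Enabled", ", ".join(risky)))
        elif name == "set-cookie":
            cname, attrs = cookie_attributes(value)
            if cname.lower() not in SESSION_COOKIE_NAMES:
                continue                          # only session tokens matter here
            if "secure" not in attrs:
                findings.append(Finding("Cryptography", "Unencrypted Sensitive Data (Eg: Cookies)", value))
            if "httponly" not in attrs:
                findings.append(Finding("Session Management", "Session cookie readable by script (no HttpOnly)", value))
            lifetime = attrs.get("max-age", "")
            if lifetime.isdigit() and int(lifetime) > MAX_SESSION_LIFETIME:
                findings.append(Finding("Session Management", "Session time out too long", f"Max-Age={lifetime}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RESPONSE):
        print(f"[{f.area}] {f.name}: {f.evidence}")
```

Run against the constructed response the audit reports six findings: two version disclosures, three problems with the JSESSIONID cookie (no Secure, no HttpOnly, a one-week lifetime) and the risky methods advertised in Allow; the prefs cookie is ignored because it is not a session token. Each finding carries the focus area and the evidence, which is what the report template on slide 11 asks for under "Vulnerability details".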
8.
Vulnerability Identification
Vulnerability Testing Phases
• Exhaustive manual penetration testing on the application and vulnerability focus areas
• Automatic scanning of the application using tools and analysis of the results for false positives
• Identification of the list of application vulnerabilities from manual and automation testing results
Tools
• HTTP Proxy tool (Eg: Burp Suite tools, HTTPWatch, Tamper IE, Paros, WebScarab etc)
• Web Application Scanner (Eg: Burp Suite Scanner, AppScan, WebInspect etc)
• Web Service Testing tool (Eg: SoapUI etc)
• SSL version and SSL key strength enumeration tools (Eg: Cygwin OpenSSL, Foundstone SSLDigger etc)
• Frameworks for exploitation (Eg: Metasploit, Core Impact etc)
Note: More tools will be added to the list based on the technology, the need or the latest advancements.
9.
Exploitation
Applicable attacks will be performed on the identified application vulnerabilities without causing much damage to the application resources and infrastructure. This phase helps to assess the RISK of a vulnerability more accurately.
Resources for exploitation
• Exploit frameworks (Metasploit, Core Impact etc)
• Open source scripts and tools
• Custom scripts (using Python, Perl etc)
10.
Risk Analysis and Remediation Suggestion
Risk Analysis
• Estimation of the Likelihood of attack
• Estimation of the Impact of a successful attack
• Evaluate the overall RISK of the vulnerability: Risk = Likelihood * Impact
• The OWASP Risk Rating Methodology is used as guidance. Ref: https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology
Remediation Suggestion
• Remediation measures will be suggested for each vulnerability identified.
• Priority for remediation will be suggested based on the risk rating of the vulnerability.
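The slide states Risk = Likelihood * Impact and defers to the OWASP Risk Rating Methodology for the details. The script below is an added example, not part of the deck, that carries that step through: the factor names, the 0-9 scoring scale, the LOW/MEDIUM/HIGH bands and the overall severity matrix are taken from the OWASP methodology the slide references; the two findings and their scores are constructed for illustration, and the numeric product used as a tie-breaker for remediation priority is a design choice of this example.

```python
# Likelihood factors: four threat-agent factors, then four vulnerability factors (OWASP).
LIKELIHOOD_FACTORS = (
    "skill_level", "motive", "opportunity", "size",
    "ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection",
)
# Impact factors: four technical-impact factors, then four business-impact factors (OWASP).
IMPACT_FACTORS = (
    "loss_of_confidentiality", "loss_of_integrity",
    "loss_of_availability", "loss_of_accountability",
    "financial_damage", "reputation_damage", "non_compliance", "privacy_violation",
)

# OWASP overall severity, indexed as SEVERITY[impact_band][likelihood_band].
SEVERITY = {
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
}
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Note": 4}


def band(score: float) -> str:
    """OWASP bands: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH."""
    if not 0 <= score <= 9:
        raise ValueError(f"score {score} outside the 0-9 scale")
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def average(scores: dict[str, int], factors: tuple[str, ...]) -> float:
    """Mean of the named factors; every factor must be present and scored 0-9."""
    missing = set(factors) - scores.keys()
    if missing:
        raise ValueError(f"missing factors: {sorted(missing)}")
    for factor in factors:
        if not 0 <= scores[factor] <= 9:
            raise ValueError(f"{factor} must be scored 0-9")
    return sum(scores[f] for f in factors) / len(factors)


def rate(likelihood_scores: dict[str, int], impact_scores: dict[str, int]) -> dict:
    """Produce the Likelihood / Impact / Overall Risk triple the report template asks for."""
    likelihood = average(likelihood_scores, LIKELIHOOD_FACTORS)
    impact = average(impact_scores, IMPACT_FACTORS)
    lb, ib = band(likelihood), band(impact)
    return {
        "likelihood": likelihood, "likelihood_band": lb,
        "impact": impact, "impact_band": ib,
        "score": likelihood * impact,   # numeric Risk = Likelihood * Impact (0-81), used as tie-breaker
        "overall_risk": SEVERITY[ib][lb],
    }


def prioritize(rated: dict[str, dict]) -> list[str]:
    """Order vulnerabilities for remediation: by overall risk band, then by numeric score."""
    return sorted(rated, key=lambda v: (SEVERITY_ORDER[rated[v]["overall_risk"]], -rated[v]["score"]))


# Constructed scores for two hypothetical findings (not from any real assessment).
XSS_LIKELIHOOD = {"skill_level": 6, "motive": 4, "opportunity": 9, "size": 9,
                  "ease_of_discovery": 7, "ease_of_exploit": 5, "awareness": 9, "intrusion_detection": 3}
XSS_IMPACT = {"loss_of_confidentiality": 2, "loss_of_integrity": 3, "loss_of_availability": 1,
              "loss_of_accountability": 7, "financial_damage": 3, "reputation_damage": 4,
              "non_compliance": 2, "privacy_violation": 3}
INFO_LEAK_LIKELIHOOD = {f: 3 for f in LIKELIHOOD_FACTORS}
INFO_LEAK_IMPACT = {f: 1 for f in IMPACT_FACTORS}

if __name__ == "__main__":
    rated = {"Reflected XSS on login page": rate(XSS_LIKELIHOOD, XSS_IMPACT),
             "Server Platform Info Leak": rate(INFO_LEAK_LIKELIHOOD, INFO_LEAK_IMPACT)}
    for name in prioritize(rated):
        r = rated[name]
        print(f"{r['overall_risk']:<8} likelihood={r['likelihood']:.2f} ({r['likelihood_band']}) "
              f"impact={r['impact']:.2f} ({r['impact_band']})  {name}")
```

With the constructed scores the XSS finding averages a likelihood of 6.5 (HIGH) against an impact of 3.125 (MEDIUM), which the matrix rates High, while the info leak comes out Low; prioritize() therefore lists the XSS first. The three values returned per finding are exactly the Likelihood, Impact and Overall Risk fields the report template on slide 11 requires.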
11.
Report Template
Brief summary of the Network
• Brief description of the application, including name, version, platform details, functionality etc.
Network Security Summary report
• Brief description of the overall security status and the list of major security vulnerabilities identified.
Vulnerability details for each identified vulnerability:
• Vulnerability Classification and Name
• Description of the vulnerability
• Vulnerability details
• Remediation Suggestions
• Vulnerability Risk Rating (Likelihood, Impact, Overall Risk)
12.
Security as a Service
http://www.imaginea.com
reachus@imaginea.com