Web Application Penetration Testing

Recent years have seen strong growth in the number and variety of internet threats. A penetration test is an in-depth analysis of the target(s) involved, designed specifically to identify security holes. This service enables you to defend your web applications against attacks from malicious hackers and computer espionage. When the test is complete, we prepare a solution tailored to your case, including full recommendations, and deliver a detailed security report. Our testing follows these standards:

– OWASP (Open Web Application Security Project)
– OSSTMM (Open Source Security Testing Methodology Manual)
– PCI DSS 3 – 11.3

The service includes penetration testing and vulnerability assessment for the following web technologies:

– Java Server Pages (JSP)
– PHP/MySQL Web Based Applications
– .NET Framework web sites
– Web frameworks VAPT (CodeIgniter, CakePHP, etc.)

We combine manual and automated techniques to detect holes in the web application and to identify potential security issues. Automated tests often find small and easily fixed problems, whereas manual testing gives us a deeper understanding of the potential problems.

Our web application VAPT includes tests for the following vulnerabilities:

– Redirect Response With Body
– Directory Listing Enabled
– X-Frame-Options Not Used
– Remote File Include
– Response Splitting
– Session Cookie Not Flagged
– LDAP Injection
– XML Injection
– Open Redirect
– Permissive Cross-Origin Resource Sharing
– Directory Traversal
– Default Login
– File Upload
– Command Injection
– SQL Injection
– Reflected Cross-site Scripting
– Password Via GET
– Persistent Cross-site Scripting
– Password Via POST
– Directory Listing Denied
– XPath Injection
– Remote Code Injection
– Local File Include
– Path Disclosure
– Frame Injection

OWASP Top 10

– Cross-Site Request Forgery (CSRF)
– Broken Authentication and Session Management
– Unvalidated Redirects and Forwards
– Insufficient Transport Layer Protection
– Cross-Site Scripting (XSS)
– Failure to Restrict URL Access
– Security Misconfiguration
– Injection (SQL, LDAP, etc.)
– Insecure Cryptographic Storage
– Insecure Direct Object References