According to Security Magazine, there are over 2,200 cyber attacks every day – 1 attack every 39 seconds. We ensure the security of your systems from an attacker’s perspective, with an attacker’s tools and techniques!
“The best defense is a good offense.”
What is Penetration Testing?
Penetration Testing (or Ethical Hacking) is a form of Offensive Security which provides a detailed examination of all systems and components and detects vulnerabilities in the system, by approaching the system from an attacker’s point of view. In this way, risks such as privacy violations and data theft are detected before they occur and necessary precautions are taken. It is important to perform a penetration test when a new system structure is created or when significant changes and updates are made to the system.
At the end of the penetration test, a result report is prepared. The report explains the security risks and their elimination methods in detail.
Penetration Testing Types
- Black Box Test: No technical information is shared with the test team.
- White Box Test: Technical information is provided to the test team about the target network structure, network addresses or applications to be tested.
- Gray Box Test: Limited technical knowledge is provided to the test team.
Penetration Testing Stages
- Reconnaissance: Collect information and data about your business via public and private sources, to prepare an attack strategy.
- Scanning: Use commercial and open source tools to uncover open services, application security issues and open source vulnerabilities, to scan for weaknesses.
- Gaining access: Simulate and test multiple hacking scenarios, and identify every potential tool and technique (e.g., SQL injection, malware, social engineering) to gain access to your systems.
- Maintaining access: Simulate gaining and maintaining access to your business systems to understand the actual impact of a potential cyberattack, without any real threat to your data.
- Reporting: Get an in-depth threat profile, with issues prioritized according to severity, and detailed steps for mitigation.
Information Gathering Phase
Examining the software version, database details, technical components and bugs revealed by the error codes returned when requesting invalid pages.
Implementing techniques such as DNS inverse queries, zone transfers and web-based DNS searches.
Performing directory-style searching and vulnerability scanning, and probing for URLs, using tools such as Nmap and Nessus.
Identifying entry points of the applications by using Burp Proxy, OWASP ZAP and WebScarab.
Service fingerprinting by using traditional fingerprint tools such as Nmap and Amap.
Examining robots.txt and sitemap files.
Testing common file extensions such as .conf and .inc, and default PHP files.
Examining the source code of the accessible pages of the application front end.
Authentication / Authorization Testing
Checking whether it is possible to “reuse” the session after logout, and whether the application automatically logs out a user who has been idle for a certain amount of time.
Checking whether any sensitive information remains stored in the browser cache.
Testing role and privilege manipulation to access resources.
Performing input vector enumeration and analyzing the input validation functions presented in the web application.
Testing for cookie and parameter tampering using web spider tools.
Testing for HTTP request tampering and checking whether it allows illegal access to reserved resources.
Configuration Management Testing
Reviewing the server and application through directory and file enumeration, and checking the infrastructure and application admin interfaces.
Analyzing the web server banner and performing network scanning.
Checking for the presence of old backup and referenced files such as source code, passwords and installation paths.
Identifying the ports associated with SSL/TLS services using Nmap and Nessus.
Reviewing the OPTIONS HTTP method using Netcat and Telnet.
Testing HTTP methods and XST (Cross-Site Tracing) for exposure of legitimate users’ credentials.
Performing application configuration management tests to review the information in the source code, log files and default error codes.
Session Management Testing
Checking the URLs in the restricted area to test for Cross-Site Request Forgery.
Testing for exposed session variables by inspecting encryption and reuse of the session token, proxies and caching, and GET and POST requests.
Collecting a sufficient number of cookie samples, analyzing the algorithm behind the samples and forging a valid cookie in order to perform an attack.
Testing cookie attributes using intercepting proxies such as Burp Proxy, OWASP ZAP and other traffic-intercepting proxies.
Testing for session fixation, to prevent theft of user sessions (session hijacking).
Data Validation Testing
Performing source code analysis for JavaScript coding errors.
Performing union query SQL injection testing, standard SQL injection testing and blind SQL query testing, using tools such as sqlninja, sqldumper, SQL Power Injector, etc.
Analyzing the HTML code, testing for stored XSS and leveraging stored XSS, using tools such as XSS proxy, Backframe, Burp Proxy, OWASP ZAP and XSS Assistant.
Performing IMAP/SMTP injection testing for access to the backend mail server.
Performing XPath injection testing for access to confidential information.
Performing code injection testing to identify input validation errors.
Testing for HTTP splitting and smuggling for cookies and HTTP redirect information.
You can contact us for more information.