About

Testing Process

The KEEP-IT-SECURE-24 Penetration Tests are executed by a team of highly qualified and certified security professionals.

Penetration Testing Activities are intended to validate security controls and identify potential and real vulnerabilities, using tools and methodologies similar to those used by potential attackers.

The table below lists some of the activities we carry out during an engagement:

FootPrinting - Gathering of externally available information about the infrastructure (Google dorking, DNS, etc.)
Scanning and Enumeration - Scanning the network for available devices, services, and potential vulnerabilities
Vulnerability Analysis - Analysis of potential vulnerabilities, identifying false positives and exploitable vulnerabilities
Vulnerability Exploitation - Exploitation, proving the existence of the vulnerability
Privilege Escalation - Attempting to obtain further privileges on the infrastructure
Information Gathering - Collection of application information regarding entry points, frameworks, versions and error codes
Configuration Management Testing - Test and identify: SSL/TLS, database access, infrastructure and application configurations, extension processing and handling, redundant, readable and downloadable files, available HTTP methods
Authentication Testing - Test and identify: credentials transport over an encrypted channel, user enumeration, user guessing, authentication bypass, password reset, cache management, CAPTCHA, race conditions
Session Management - Test and identify: session management schema, cookie attributes, session fixation, CSRF
Authorization Testing - Test and identify: path traversal, authorization bypass, privilege escalation
Business Logic Testing - Analysis and testing of application business logic
Data Validation Testing - Test and identify: XSS (reflected/stored/DOM), Cross-Site Flashing, injection flaws (SQL/LDAP/ORM/XML/SSI/XPath/IMAP/SMTP/code/OS commands), buffer overflows, HTTP splitting/smuggling, HPP (HTTP Parameter Pollution)
Denial of Service Testing - Identify and test vulnerabilities that can cause denial of service, such as SQL wildcards, user account lockout, buffer overflows, user object allocation, user-controlled loop counters, user data written to disk
Web Services Testing - Test and identify: WSDL, XML structures, XML content, HTTP GET/REST, SOAP attachments, replay
AJAX Testing - Test and identify vulnerabilities in AJAX

All identified vulnerabilities are reported through the KEEP-IT-SECURE-24 platform, enabling a flexible and interactive vulnerability resolution process.

Did you know that the KEEP-IT-SECURE 24 model provides continuous Penetration Testing services at approximately the same cost as a single traditional Penetration Test?
Check our plans.
