Did you know that the KEEP-IT-SECURE-24 model provides continuous Penetration Testing at approximately the same cost as a single traditional Penetration Test?
Check our plans.
KEEP-IT-SECURE-24 Penetration Tests are executed by a team of highly qualified and certified security professionals. Penetration Testing activities are intended to validate security controls and identify both potential and confirmed vulnerabilities, using tools and methodologies similar to those used by real attackers.
This table presents some of the activities we carry out during an engagement:
Activity | Description
---|---
FootPrinting | Gathering of publicly available information about the infrastructure (Google dorking, DNS records, etc.)
Scanning and Enumeration | Scanning the network for reachable hosts, exposed services and potential vulnerabilities
Vulnerability Analysis | Analysis of potential vulnerabilities, separating false positives from exploitable ones
Vulnerability Exploitation | Exploitation that proves the vulnerability exists and is reachable
Privilege Escalation | Attempting to obtain further privileges on the compromised infrastructure
Information Gathering | Collection of application information: entry points, frameworks, versions and error codes
Configuration Management Testing | Test and identify: SSL/TLS configuration, database access, infrastructure and application configuration, file extension processing and handling, redundant, readable or downloadable files, available HTTP methods
Authentication Testing | Test and identify: credential transport over an encrypted channel, user enumeration, user guessing, authentication bypass, password reset, cache management, CAPTCHA, race conditions
Session Management | Test and identify: session management schema, cookie attributes, session fixation, CSRF
Authorization Testing | Test and identify: path traversal, authorization bypass, privilege escalation
Business Logic Testing | Analysis and testing of the application's business logic
Data Validation Testing | Test and identify: XSS (reflected/stored/DOM), Cross Site Flashing, injection flaws (SQL/LDAP/ORM/XML/SSI/XPath/IMAP/SMTP/code/OS command), buffer overflows, HTTP splitting/smuggling, HPP (HTTP Parameter Pollution)
Denial of Service Testing | Identify and test vulnerabilities that can cause Denial of Service, such as SQL wildcard attacks, user account lockout, buffer overflows, user-specified object allocation, user input used as a loop counter, and writing user-supplied data to disk
Web Services Testing | Test and identify: WSDL, XML structures, XML content, HTTP GET/REST, SOAP attachments, replay
AJAX Testing | Test and identify vulnerabilities in AJAX functionality
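Two of the checks in the table above, "available HTTP methods" (Configuration Management Testing) and "cookie attributes" (Session Management), can be illustrated with a small header audit. The script below is an added example written for this page; it is not KEEP-IT-SECURE-24 tooling. The HTTP response it inspects is constructed for illustration, and the set of methods treated as risky is this example's own assumption.

```python
"""Audit advertised HTTP methods and Set-Cookie attributes in an HTTP response.

Added example, not part of the KEEP-IT-SECURE-24 service. SAMPLE_RESPONSE is a
constructed response (what an OPTIONS request to a login endpoint might return).
"""
from typing import List, Tuple

# Constructed sample response; no real host was queried.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: GET, POST, PUT, DELETE, TRACE, OPTIONS\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: csrf=deadbeef; Path=/; Secure\r\n"
    "Set-Cookie: pref=dark; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "\r\n"
)

# Assumption of this example: methods a production web app should not expose
# (TRACE enables cross-site tracing; PUT/DELETE allow resource modification).
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lowercase-name, value) pairs from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_methods(headers: List[Tuple[str, str]]) -> List[str]:
    """Flag risky methods listed in any Allow header."""
    findings = []
    for name, value in headers:
        if name != "allow":
            continue
        methods = {m.strip().upper() for m in value.split(",") if m.strip()}
        for method in sorted(methods & RISKY_METHODS):
            findings.append(f"risky HTTP method advertised: {method}")
    return findings


def audit_cookie(value: str) -> List[str]:
    """Flag a Set-Cookie value missing Secure, HttpOnly or a restrictive SameSite."""
    parts = [p.strip() for p in value.split(";")]
    cookie_name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    findings = []
    if "secure" not in attrs:
        findings.append(f"cookie {cookie_name}: missing Secure")
    if "httponly" not in attrs:
        findings.append(f"cookie {cookie_name}: missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"cookie {cookie_name}: SameSite missing or None")
    return findings


def audit_response(raw: str) -> List[str]:
    """Run both checks over one raw response and return all findings."""
    headers = parse_headers(raw)
    findings = audit_methods(headers)
    for name, value in headers:
        if name == "set-cookie":
            findings.extend(audit_cookie(value))
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```

Against the constructed response the audit reports TRACE, PUT and DELETE as advertised, the session cookie as missing every protective attribute, and the csrf cookie as readable by script; the pref cookie passes. In a real engagement the HttpOnly check would be applied to session and authentication cookies rather than to every cookie, since a double-submit CSRF token is intentionally readable from JavaScript, and the Allow header should be cross-checked by actually sending each method, because many servers advertise one thing and accept another.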
All identified vulnerabilities are reported through the KEEP-IT-SECURE-24 platform, enabling a flexible and interactive vulnerability resolution process.