Description
INTRODUCTION
Our team goes beyond the scope of OWASP Top 10 and performs an assessment that pushes the boundary for application security. We don’t solely scan the application for known bugs but leverage extensive research to identify deep technical vulnerabilities.
- Bypassing Authentication
- Escalating Privileges
- Accessing Sensitive Data
- Disrupting Legitimate Use
- Gathering Intelligence
- Manipulating Information
- Manipulating Business Processes
METHODOLOGY
AUTOMATED: Intect will identify the vulnerabilities present in the application with the help of automated tools and eliminate the false positives. Automated scanners will give us an overview of the possible existence of vulnerabilities in the environment.
MANUAL: Our analyst will identify every exploitable vulnerability present in the application. We will check for logical flaws that might compromise authentication/authorization, as well as injection attacks, data security, input validation, session management issues, etc. We also enumerate every open port and the services running on the APIs’ servers. After that, we test them for vulnerabilities depending on their level of exploitability and availability in the environment in which they exist.
TYPES OF TESTING
BLACK BOX: Black-box testing is a method of software/application testing that examines the functionality of an application without knowing its internal/backend workings. It requires no prior knowledge of the application or the intervention of the application vendor.
GREY BOX: In a grey-box assessment, the auditor typically has some knowledge of the application, which is given by the business owners in the form of application walk-throughs, application data flow, API documentation, etc. The purpose of a grey-box assessment is to provide a more efficient and focused security assessment.
SECURITY CONTROLS
Data in Transit | The controls in this group protect the security of data in transit by mapping controls related to encryption and SSL/TLS protocols such as HTTPS, FTP, etc. |
User Input Handling | The vulnerabilities in this group cover the security of the data against malicious user inputs. |
Business Logic Flaws | The vulnerabilities in this group are checked against the misuse of an application by circumventing the business rules, i.e. ways of using the legitimate processing flow of an application in a way that results in a negative consequence to the organization. |
Access Control | The authorization and the business logic decisions in the application are evaluated based on the controls in this group. |
Authentication & Authorization | The controls in this group evaluate the application against weak passwords, insecure password recovery mechanisms, poorly protected credentials, or a lack of granular access control for a particular interface. |
Password Management | The controls in this group evaluate the practices implemented for storing and managing passwords to prevent unauthorized access. |
Session Management | Controls in this group cover anything from how user authentication is performed to what happens when the user logs out. |
HTTP Security | Controls in this group evaluate the usage of various HTTP methods whenever data is sent to or received from the application server. |
Data Protection | Vulnerabilities in this group cover the validation of the data sent to or received from the server, along with the validation of the data stored on the client side, i.e. user PII, key exchange, data tampering, etc. |
Data Validation | The vulnerabilities in this group check the business logic decisions based on user input in the application. |
Error Handling | The error handling section covers information disclosure vulnerabilities that arise due to the lack of user input sanitization. |