Web application penetration testing
Imaginea
Category: Technology
Slide transcript

1. Title slide
Information Security Group (ISG)
Web Application Penetration Testing
reachus@imaginea.com
© Copyright 2011. Pramati Technologies Private Limited. All trade names and trade marks are owned by their respective owners.
2. Web Application Penetration Testing Overview
A web application penetration assessment looks at the application from the perspective of a malicious attacker and finds the holes before they can be exploited. We rely on a detailed, well-established manual testing methodology for accuracy and effectiveness; open source and commercial tools are used to automate many of the routine security testing tasks.
3. Penetration Testing Methodology
Step 1 • Information Gathering
Step 2 • Analysis and Planning
Step 3 • Vulnerability Identification
Step 4 • Exploitation
Step 5 • Risk Analysis and Remediation Suggestion
Step 6 • Reporting
4. Information Gathering Template
Information required from the client (one "Data" column to be filled in per item):
• Application Name (Eg: LeanTaas)
• What is the type of the application? (Static / Dynamic / Applets / Web Services)
• Application URL
• What are all the application user roles? (Eg: User, Administrator, Manager)
• Is the application used by multiple clients? (Yes/No) If Yes, provide credentials for at least two clients
• At least two sets of credentials for each user role
• Scope of the test (internal application functionality and URLs to be tested)
• Application User Manual / Help documents
5. Analysis and Planning
Analysis
• Verification of the gathered template information
• Client communication for clarifications
• Understanding the application functionality
• Identification of critical application components and the corresponding vulnerabilities to be tested
Planning
• Test modularization based on functionality or vulnerability focus areas
• Plan for the automated testing phase
• Plan for the exploitation phase
• Plan for the risk analysis and reporting phases
• Time estimates for each of the phases
6. Vulnerability Identification: Focus Areas
Authentication:
• Authentication Bypass
• Poor Password Strength
• No Account Lockout
• No Logout functionality
Authorization:
• Privilege Escalation
• Forceful Browsing
Session Management:
• Session Fixation
• Improper Session Expiration
• Session time out too long
Input Validation:
• Cross Site Scripting
• Cross Site Request Forgery
• SQL Injection
• Buffer Overflow
• File Upload
• Code Injection
Cryptography:
• Weak SSL
• Weak Encryption Key
• Unencrypted Sensitive Data (Eg: Passwords, Cookies)
7. Vulnerability Identification: Focus Areas (continued)
Information Leakage:
• Error Messages
• HTML Comments
• Source Code Disclosure
• Cross Frame Spoofing
• Server Platform Info Leak
• Sensitive Data Revealed
System Configuration:
• Default Passwords
• Default Pages
• Default Error Messages Enabled
• Unpatched Software
• HTTP Methods Enabled
Note: This is not an exhaustive list of vulnerabilities. More vulnerabilities will be added to the list based on the technology, the requirements and the latest threats.
8. Vulnerability Identification: Testing Phases and Tools
Vulnerability Testing Phases
• Exhaustive manual penetration testing of the application and the vulnerability focus areas
• Automated scanning of the application using tools, and analysis of the results for false positives
• Compilation of the list of application vulnerabilities from the manual and automated testing results
Tools
• HTTP proxy tools (Eg: Burp Suite tools, HTTPWatch, Tamper IE, Paros, WebScarab etc.)
• Web application scanners (Eg: Burp Suite Scanner, AppScan, WebInspect etc.)
• Web service testing tools (SoapUI etc.)
• SSL version and SSL key strength enumeration tools (Cygwin OpenSSL, Foundstone SSLDigger etc.)
• Frameworks for exploitation (Metasploit, Core Impact etc.)
Note: More tools will be added to the list based on the technology, the need or the latest advancements.
9. Exploitation
Applicable attacks are performed against the identified application vulnerabilities without causing significant damage to the application's resources and infrastructure. This phase helps to assess the RISK of a vulnerability more accurately.
Resources for exploitation
• Exploit frameworks (Metasploit, Core Impact etc.)
• Open source scripts and tools
• Custom scripts (using Python, Perl etc.)
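As an added example that is not part of the original deck, here is the kind of custom Python script the exploitation slide mentions, applied to two focus areas from slide 6 (Authentication Bypass and SQL Injection). It stands up a constructed in-memory SQLite user table, implements the login check two ways (string-concatenated, as the vulnerable application would, and parameterised, as the remediation would), and sends constructed injection payloads through each to report which ones authenticate without the real password. The table contents, payloads and function names are assumptions for illustration, not anything from the deck or from a real target.

```python
import sqlite3

# Constructed sample data: a throwaway in-memory user table standing in for
# the target application's database (assumption, not from the original deck).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "Administrator"), ("bob", "hunter2", "User")],
    )
    conn.commit()
    return conn

def login_vulnerable(conn, username: str, password: str):
    """String-concatenated query: user input is parsed as SQL, so a quote in
    the username rewrites the WHERE clause (SQL injection -> auth bypass)."""
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()

def login_hardened(conn, username: str, password: str):
    """Parameterised query: the same input is bound as data and can never
    change the statement's structure."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()

# Constructed payloads of the kind a custom exploitation script would send.
PAYLOADS = [
    ("alice", "wrong-password"),        # control: a legitimate failed login
    ("alice' --", "anything"),          # comments out the password check
    ("' OR '1'='1", "' OR '1'='1"),     # tautology: matches every row
]

def probe(login):
    """Send each payload through one login implementation and record the row
    it returned (None means the login was refused)."""
    conn = make_db()
    results = {}
    for user, pw in PAYLOADS:
        try:
            row = login(conn, user, pw)
        except sqlite3.Error:
            # A SQL syntax error is itself evidence that input reached the parser.
            row = None
        results[(user, pw)] = row
    return results

def bypassed(login) -> list:
    """Payloads that produced an authenticated row without the real password."""
    return [payload for payload, row in probe(login).items() if row is not None]

if __name__ == "__main__":
    print("vulnerable handler bypassed by:", bypassed(login_vulnerable))
    print("hardened handler bypassed by:  ", bypassed(login_hardened))
```

The control payload fails against both handlers, which is what separates a real finding from a scanner false positive: a payload only counts as a bypass when the same request with honest-but-wrong credentials is refused. Against the concatenated handler the comment and tautology payloads both return the first matching row, here the Administrator account.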
10. Risk Analysis and Remediation Suggestion
Risk Analysis
• Estimation of the likelihood of an attack
• Estimation of the impact of a successful attack
• Evaluation of the overall RISK of the vulnerability: Risk = Likelihood * Impact
• The OWASP Risk Rating Methodology is used as guidance. Ref: https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology
Remediation Suggestion
• Remediation measures are suggested for each vulnerability identified.
• Priority for remediation is suggested based on the risk rating of the vulnerability.
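As an added example that is not part of the original deck, the OWASP Risk Rating Methodology the slide references, carried through in code: each likelihood and impact factor is scored 0 to 9, the two groups are averaged, each average is binned into LOW, MEDIUM or HIGH, and the pair is looked up in OWASP's overall-severity matrix; the slide's Risk = Likelihood * Impact is also computed as a numeric tie-breaker for ordering the remediation list. The factor names and matrix follow the OWASP document; the worksheet scores for the SQL-injection authentication-bypass finding from slide 6 are constructed for illustration.

```python
from statistics import mean

# OWASP Risk Rating factors, each scored 0-9 on the worksheet.
LIKELIHOOD_FACTORS = (
    "skill_level", "motive", "opportunity", "size",             # threat agent
    "ease_of_discovery", "ease_of_exploit", "awareness",         # vulnerability
    "intrusion_detection",
)
IMPACT_FACTORS = (
    "loss_of_confidentiality", "loss_of_integrity",              # technical
    "loss_of_availability", "loss_of_accountability",
    "financial_damage", "reputation_damage",                     # business
    "non_compliance", "privacy_violation",
)

# OWASP overall-severity matrix: (likelihood level, impact level) -> severity.
SEVERITY = {
    ("LOW", "LOW"): "Note",    ("LOW", "MEDIUM"): "Low",       ("LOW", "HIGH"): "Medium",
    ("MEDIUM", "LOW"): "Low",  ("MEDIUM", "MEDIUM"): "Medium", ("MEDIUM", "HIGH"): "High",
    ("HIGH", "LOW"): "Medium", ("HIGH", "MEDIUM"): "High",     ("HIGH", "HIGH"): "Critical",
}

def level(score: float) -> str:
    """Bin a 0-9 average into OWASP's three levels: <3 LOW, 3 to <6 MEDIUM, else HIGH."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"

def _average(scores: dict, factors: tuple) -> float:
    """Mean of the named factors. Missing or out-of-range scores are rejected so a
    half-filled worksheet cannot silently lower a rating."""
    missing = [f for f in factors if f not in scores]
    if missing:
        raise ValueError(f"missing factor scores: {missing}")
    bad = [f for f in factors if not 0 <= scores[f] <= 9]
    if bad:
        raise ValueError(f"scores must be 0-9: {bad}")
    return mean(scores[f] for f in factors)

def rate(likelihood_scores: dict, impact_scores: dict) -> dict:
    """Rating for one finding, as it would appear in the report's risk-rating row."""
    lik = _average(likelihood_scores, LIKELIHOOD_FACTORS)
    imp = _average(impact_scores, IMPACT_FACTORS)
    return {
        "likelihood": round(lik, 2),
        "impact": round(imp, 2),
        "likelihood_level": level(lik),
        "impact_level": level(imp),
        "risk_score": round(lik * imp, 2),        # the slide's Risk = Likelihood * Impact
        "overall": SEVERITY[(level(lik), level(imp))],
    }

def prioritise(findings: list) -> list:
    """Order (name, likelihood_scores, impact_scores) triples for the remediation
    section: highest OWASP severity first, numeric risk score as tie-breaker."""
    order = ["Critical", "High", "Medium", "Low", "Note"]
    rated = [(name, rate(lik, imp)) for name, lik, imp in findings]
    return sorted(rated, key=lambda item: (order.index(item[1]["overall"]),
                                           -item[1]["risk_score"]))

# Constructed worksheet for the SQL-injection authentication bypass on slide 6
# (illustrative scores, not a rating taken from the original deck).
SQLI_LIKELIHOOD = {
    "skill_level": 6, "motive": 9, "opportunity": 9, "size": 9,
    "ease_of_discovery": 7, "ease_of_exploit": 9, "awareness": 9,
    "intrusion_detection": 8,
}
SQLI_IMPACT = {
    "loss_of_confidentiality": 7, "loss_of_integrity": 7,
    "loss_of_availability": 5, "loss_of_accountability": 7,
    "financial_damage": 7, "reputation_damage": 5,
    "non_compliance": 5, "privacy_violation": 7,
}

if __name__ == "__main__":
    print(rate(SQLI_LIKELIHOOD, SQLI_IMPACT))
```

With these constructed scores the likelihood average is 8.25 and the impact average 6.25, both HIGH, so the finding is rated Critical and sorts to the top of the remediation list; the same likelihood against a uniformly low-impact worksheet drops to Medium, which is the matrix doing what a bare Likelihood * Impact product cannot.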
11. Report Template
• Brief summary of the Network: brief description of the application, including name, version, platform details, functionality etc.
• Network Security Summary report: brief description of the overall security status and the list of major security vulnerabilities identified.
• Vulnerability details, for each identified vulnerability:
  • Vulnerability Classification and Name
  • Description of the vulnerability
  • Vulnerability details
  • Remediation Suggestions
  • Vulnerability Risk Rating (Likelihood, Impact, Overall Risk)
12. Security as a Service
http://www.imaginea.com
reachus@imaginea.com