Web Application Penetration Test
- 1. Web Application Penetration Test Why (background)? Web applications have become increasingly vulnerable to different forms of hacker attacks. According to a Gartner Report, 75% of attacks today occur at the application level. A Forrester survey states that “people are now attacking through applications, because it’s easier than through the network layer.” Despite common use of defenses such as firewalls and intrusion detection or prevention systems, hackers can access valuable proprietary and customer data, shutdown websites and servers and defraud businesses, as well as introduce serious legal liability without being stopped or, in many cases, even detected. To counter this problem, Cyber 51 Ltd. offers a comprehensive security risk assessment solution - Web Application Penetration Testing - to identify, analyze and report vulnerabilities in a given application. As part of this service, Cyber 51 Ltd. attempts to identify both inherent and potential security risks that might work as entry points for the hacker. We believe vulnerabilities could be present in a web application due to inadvertent flaws left behind during development, security issues in the underlying environment and misconfigurations in one or more components like database, web server etc. When conducting a Web Application Penetration Testing assignment, Cyber 51 Ltd. adopts a strong technology and process-based approach supported by a well-documented methodology to identify potential security flaws in the application and underlying environment. Adherence to industry standards such as OWASP, customized tests based on technology and business logic, skilled and certified security engineers, risk assessment on the vulnerabilities found, scoring system based on CVSS (Common Vulnerability Scoring System) make us different from the other vendors in this space. Customers would benefit from web application penetration testing on the application as it gives an in-depth analysis of your current security posture, recommendations for reducing exposure to currently identified vulnerabilities are highlighted and it allows the customer to make more informed decisions, enabling management of the Cyber 51 Ltd. | www.cyber51.co.uk | info@cyber51.co.uk
- 2. company’s exposure to threats. The security assessment report submitted on completion of the engagement provides a detailed and prioritized mitigation plan to help customers in addressing security issues in a phased manner. How (Our Methodology)? Configuration Management Analysis: The infrastructure used by the Web application will be evaluated from a security perspective. The tests to be performed are as follows: • TLS and SSL tests. • Security Testing over the listener of management system databases. • Testing the configuration of the infrastructure and its relationship with the Web application, vulnerability analysis, analysis of authentication mechanisms and identification of all the ports used by the Web application. • Testing the application settings, search through directories and regular files, comments from developers and the eventual acquisition and operational analysis of logs generated by the application. • Searching for old files, backups, logs of operations and other files used by the Web application. • Search and test management interfaces or web application related infrastructure. • Test various HTTP methods supported and the possibilities of XST (Cross-Site Tracing). Cyber 51 Ltd. | www.cyber51.co.uk | info@cyber51.co.uk
- 3. Analysis of Authentication: We will evaluate the various mechanisms and aspects of the web application authentication. The tests to be performed are as follows: • Credentials management • Enumeration of users and user accounts easily identifiable. • Proof of identification credentials brute force, based on information found or inferred. • Testing the authentication mechanisms looking for evasion • Logouts mechanisms and weaknesses associated with the Internet browser cache. • Strength tests over captchas and test multi-factor authentication. Session Management Analysis: We will evaluate the different mechanisms and management aspects of web application sessions. The tests to be performed are as follows: • Session management scheme will be tested. • CSRF (Cross-Site Request Forgery). • Test attributes Cookies. • Setting sessions. • Evidence of attributes exposed session and repetition. Cyber 51 Ltd. | www.cyber51.co.uk | info@cyber51.co.uk
- 4. Analysis of Authorization: We will evaluate the various mechanisms and aspects of web application authorization. The tests to be performed are as follows: • Privilege escalation. • "Path Traversal". • Evidence of evasion of clearance mechanisms. • Testing the "business logic" of the Web application, avoiding, altering, or cheating their relationships within the application. Data Validation Analysis: We will evaluate the various repositories, access and protection mechanisms related to the validation of data used by the Web application. The tests to be performed are as follows: • Test various XSS (Cross Site Scripting) and "Cross Site Flashing." • SQL Injection tests. • LDAP injection tests. • Evidence of ORM injection. • XML Injection tests. • SSI injection testing. • Testing XPath Injection. • Injection Test IMAP / SMTP. Cyber 51 Ltd. | www.cyber51.co.uk | info@cyber51.co.uk
- 5. • Evidence Code Injection. • Injection Test Operating System Commands. • Evidence of buffer overflow. • Evidence of Splitting / Smuggling of HTTP. • Evidence of evasion of clearance mechanisms. • Evidence of privilege escalation. Analysis of Web Services: We will evaluate the web application services related to SOA (Service Oriented Architecture): The tests to be performed are as follows: • Security testing of WSDL. • Evidence of structural Security of XML. • Testing of security at XML content. • Test HTTP GET parameters / REST. • Tests with contaminated SOAP attachments. • Repeat testing of web services. • Testing AJAX Web application vulnerabilities regarding this technology. Cyber 51 Ltd. | www.cyber51.co.uk | info@cyber51.co.uk