Application Ethical Hacking/Pen Testing services utilize Primeon's unique methodology, vulnerability knowledge base, and proprietary tools to identify the following common security issues:
- Invalid Parameters
- Broken Access Control
- Broken Account and Session Management
- XSS
- Buffer Overflows
- Command Injection Flaws
- Error Handling Problems
- Insecure Use of Cryptography
- Remote Administration Flaws
- Web and App Server Misconfiguration
A typical Ethical Hacking service engagement includes the following components:
- Threat Modeling – Analyzing the appropriate targets and the potential threats to them.
- Discovery – Gathering information about the application and its hosting environment.
- Vulnerability Scanning – Testing the system, service, and application for known vulnerabilities.
- Manual Testing – Using advanced testing tools to walk through the complex business logic flow. The tests include:
  - Authentication test covering the requirements for Broken Access Control
  - Input validation test covering the requirements for XSS, Buffer Overflows and Command Injection Flaws
  - Parameter manipulation test covering the requirements for Invalid Parameters
  - Configuration management test covering the requirements for Web and App Server Misconfiguration and Remote Administration Flaws
  - Session management test covering the requirements for Broken Account and Session Management
  - Exception management test covering the requirements for Error Handling Problems
  - Authorization test covering the requirements for Broken Access Control and Remote Administration Flaws
  - Other tests, performed as potential exploits are revealed, covering the requirements for Insecure Use of Cryptography and similar issues
- Analysis – Analyzing the results from the previous components for potential impact.
- Reporting – Detailed findings and recommendations.