Security Patterns

Samples of application security vulnerability patterns: "DeepSource Application Security Patterns"

White Paper

Primeon's new whitepaper - "Enterprise Applications: Wide Open to Attack in 2008" - tells business execs and IT managers the truth about application risk issues in 2008.

Resource Links

Common Vulnerability Scoring System Version 2 Calculator

Open Web Application Security Project (OWASP)

SecurityFocus Bugtraq Database

Registry Whois Search

Microsoft - URLScan Tool

Metasploit Project - for penetration testing, IDS signature development, and exploit research.

National Vulnerability Database Version 2.0

Application Ethical Hacking or Pen Testing

Application Ethical Hacking/Pen Testing services utilize Primeon's unique methodology, vulnerability knowledge base, and proprietary tools to identify the following common security issues:

  • Invalid Parameters
  • Broken Access Control
  • Broken Account and Session Management
  • XSS
  • Buffer Overflows
  • Command Injection Flaws
  • Error Handling Problems
  • Insecure Use of Cryptography
  • Remote Administration Flaws
  • Web and App Server Misconfiguration

A typical Ethical Hacking service engagement includes the following components:
Threat Modeling – Analyzing the appropriate targets and their potential threats.
Discovery – Building information about the application and its hosting environment.
Vulnerability Scanning – Testing system/service/application for known vulnerabilities.
Manual Testing – Using advanced testing tools to walk through the complex business logic flow. The tests include:

  • Authentication test covering the requirements for Broken Access Control
  • Input validation test covering the requirements for XSS, Buffer Overflows and Command Injection Flaws
  • Parameter manipulation test covering the requirements for Invalid Parameters
  • Configuration management test covering the requirements for Web and App Server Misconfiguration and Remote Administration Flaws
  • Session management test covering the requirements for Broken Account and Session Management
  • Exception management test covering the requirements for Error Handling Problems
  • Authorization test covering the requirements for Broken Access Control and Remote Administration Flaws
  • Other tests as potential exploits are revealed covering the requirements for Insecure Use of Cryptography, etc.

Analysis – Analyzing the results from previous components for potential impact.
Reporting – Detailed findings and recommendations.

Copyright © Primeon, Inc. 2008