Security Patterns

Samples of application security vulnerability patterns: "DeepSource Application Security Patterns"

White Paper

Primeon's new whitepaper - "Enterprise Applications: Wide Open to Attack in 2016" - tells business execs and IT managers the truth about application risk issues in 2016.

Resource Links

Common Vulnerability Scoring System Version 2 Calculator

Open Web Application Security Project (OWASP)

SecurityFocus Bugtraq Database

Registry Whois Search

Microsoft - URLScan Tool

Metasploit Project - for penetration testing, IDS signature development, and exploit research.

National Vulnerability Database Version 2.0

Application Ethical Hacking / Pen Testing

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a "Hacker". The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found are presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine the feasibility of an attack and the business impact of a successful exploit, if one is discovered.

Primeon provides "Blackbox" Application Ethical Hacking/Penetration Testing. Within this offering, Primeon tests all functions from login to logout, together with the infrastructure on which the application resides. This service extends well beyond tools, which find less than 5% of an application's vulnerabilities. Primeon requests two "conditioned" test accounts for each user level and follows the application's workflow from start to finish to identify deeply rooted vulnerabilities that go completely undetected by other approaches. Senior engineers/testers rolling up their sleeves to perform this comprehensive "deep dive" truly differentiates Primeon within the application security marketplace. This offering utilizes Primeon's unique methodology, vulnerability knowledge base, and proprietary tools to identify the following common security issues:

  • Invalid Parameters
  • Broken Access Control
  • Broken Account and Session Management
  • XSS
  • Buffer Overflows
  • Command Injection Flaws
  • Error Handling Problems
  • Insecure Use of Cryptography
  • Remote Administration Flaws
  • Web and App Server Misconfiguration

A typical Ethical Hacking service engagement includes the following components:

  • Threat Modeling - Analyzing the appropriate targets and their potential threats.
  • Discovery - Building information about the application and its hosting environment.
  • Vulnerability Scanning - Testing the system/service/application for known vulnerabilities.
  • Manual Testing - Using advanced testing tools to walk through the complex business logic flow.

The tests include:

  • Authentication test covering the requirements for Broken Access Control
  • Input validation test covering the requirements for XSS, Buffer Overflows and Command Injection Flaws
  • Parameter manipulation test covering the requirements for Invalid Parameters
  • Configuration management test covering the requirements for Web and App Server Misconfiguration and Remote Administration Flaws
  • Session management test covering the requirements for Broken Account and Session Management
  • Exception management test covering the requirements for Error Handling Problems
  • Authorization test covering the requirements for Broken Access Control and Remote Administration Flaws
  • Other tests, as potential exploits are revealed, covering the requirements for Insecure Use of Cryptography, etc.

  • Analysis - Analyzing the results from the previous components for potential impact.
  • Reporting - Detailed findings and recommendations.

Copyright © Primeon, Inc. 2016