Testing Process

KEEP-IT-SECURE-24 penetration tests are executed by a team of highly qualified and certified security professionals. Penetration testing activities are intended to validate security controls and identify potential and real vulnerabilities, using tools and methodologies similar to those used by potential attackers.

This table presents some of the activities we carry out during the course of a test:

| Activity | Description |
|---|---|
| Footprinting | Gathering of externally available information about the infrastructure (Google dorking, DNS, etc.) |
| Scanning and Enumeration | Scanning the network for available devices, services, and potential vulnerabilities |
| Vulnerability Analysis | Analysis of potential vulnerabilities, identifying false positives and exploitable vulnerabilities |
| Vulnerability Exploitation | Exploitation, proving the existence of the vulnerability |
| Privilege Escalation | Attempting to obtain further privileges on the infrastructure |
| Information Gathering | Collection of application information regarding entry points, frameworks, versions and error codes |
| Configuration Management Testing | Test and identify: SSL/TLS, database access, infrastructure and application configurations, extension processing and handling, redundant, readable and downloadable files, available HTTP methods |
| Authentication Testing | Test and identify: credentials transport over an encrypted channel, user enumeration, user guessing, authentication bypass, password reset, cache management, CAPTCHA, race conditions |
| Session Management | Test and identify: session management schema, cookie attributes, session fixation, CSRF |
| Authorization Testing | Test and identify: path traversal, authorization bypass, privilege escalation |
| Business Logic Testing | Analysis and testing of application business logic |
| Data Validation Testing | Test and identify: XSS (reflected/stored/DOM), Cross Site Flashing, injection flaws (SQL/LDAP/ORM/XML/SSI/XPath/IMAP/SMTP/code/OS commands), buffer overflows, HTTP splitting/smuggling, HPP (HTTP Parameter Pollution) |
| Denial of Service Testing | Identify and test vulnerabilities that can cause Denial of Service, such as SQL wildcards, user account lockout, buffer overflows, user object allocation, user loop counter input, user data disk writing |
| Web Services Testing | Test and identify: WSDL, XML structures, XML content, HTTP GET/REST, SOAP attachments, replay |
| AJAX Testing | Test and identify vulnerabilities in AJAX |

All identified vulnerabilities are reported through the KEEP-IT-SECURE-24 platform, enabling a flexible and interactive vulnerability resolution process.

Did you know that the KEEP-IT-SECURE-24 model provides continuous penetration testing services at approximately the same cost as a single traditional penetration test?
Check our plans.

