Web Assessment
Note: No Internal Code Review
The final phase is where the majority of hacking attacks take place. Cookies, code, encryption types, randomness, and input validation will be carefully analyzed. These attacks are not stopped by firewalls and now account for 70% of all successful hacker attacks.
- Code Inspection - All web server code available through the external IP address, including PHP, Java, C# (.NET) and HTTP, will be inspected for potential buffer overflows.
- Administrative Interfaces - To determine the extent of any administrative interfaces used and whether or not they are secure.
- Authentication and Access Control - To determine the adequacy of the authentication and access control configurations.
- Configuration Management - To determine the adequacy of change management procedures.
- Input Validation - To determine whether the web application can be manipulated by inserting invalid input in order to extract sensitive information or perform unauthorized functions.
- Parameter Manipulation - To determine whether parameters in the web applications can be manipulated to extract sensitive information or perform unauthorized functions.
- Session Management - To identify the session management mechanism used and to determine any security control weaknesses.
- Business Logic - To determine whether business logic controls can be bypassed.
- Links - To review any links to other CLIENT servers, including middleware/database servers.
For a free quotation for required assessments, whether unique or complex, e-mail: pentests@secureia.com
