Vulnerability Assessment & Penetration Testing

Penetration Testing Methodology

Web AppSec Testing
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfigurations
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring
Mobile AppSec Testing
  • Improper Platform Usage
  • Insecure Data Storage
  • Insecure Communication
  • Insecure Authentication
  • Insufficient Cryptography
  • Insecure Authorization
  • Client Code Quality
  • Code Tampering
  • Reverse Engineering
  • Extraneous Functionality
API Testing
  • Broken object level authorization
  • Broken authentication
  • Excessive data exposure
  • Lack of resources and rate limiting
  • Broken function level authorization
  • Mass assignment
  • Security misconfiguration
  • Injection
  • Improper assets management
  • Insufficient logging and monitoring

Phases of Pentesting

  • Pre-Engagement Interactions
  • Reconnaissance or OSINT
  • Threat Modeling & Vulnerability Identification
  • Exploitation
  • Post-Exploitation, Analysis & Recommendations
  • Reporting

Interested? Let's have a meeting!
