With our penetration testing packages, you can be certain about your organization cyber security exposure inside-out and outside-in

Our Penetration Testing (PT) provides an intelligent combination of automated and manual scanning, covering in depth and broad coverage checks for application vulnerabilities and malware. Deep vulnerability scanning methodology scans client-side web applications to find vulnerabilities in web 2.0 technologies such as JavaScript and AJAX. Aids in detecting and testing custom business logic and application for Identification of logical risks using manual intelligence and intervention checks.
Manual intelligence also allows security analysts to correlate multiple vulnerabilities, provide in-depth verification of vulnerability existence and create attack in depth pattern to demonstrate business impact.

Web Application Vulnerabilities & Threats Addressed covering OWAST top 10

OWAST 1
  • SQL Injection
  • LDAP Injection
  • OS commanding
  • SSI Injection
  • X path Injection
OWAST 2
  • Test for XSS Detection
OWAST 3
  • Session Management
  • Privilege Escalation
  • Insufficient Session Expiration
OWAST 4
  • Path Traversal
  • Insecure Direct Object Reference
OWAST 5
  • Cross-Site request forgery
  • Insecure Direct Object Reference
OWAST 6
  • Security misconfiguration (default accounts, unused pages, unprotected files/folders ), Webserver and OS vulnerabilities.
  • Database error message
OWAST 7
  • Insecure cryptographic storage
OWAST 8
  • Failure to restrict URL accessDirectory indexing
OWAST 9
  • Insufficient transport layer protection
  • Check for SSL certificate attributes
OWAST 10
  • Unvalidated redirects and forwards, check for redirection to blacklisted URL

Mobile Application Pentest Highlights

Most Comprehensive Platform Coverage. Our Mobile supports applications across all mobile computing platforms, such as iOS, Google Play. It also supports all types of applications be it native, mobile web or HTML5

  • Sensitive information written on mobile device: Mobile applications can access sensitive information such as financial details, passwords or private information stored on device memory.

  • Cryptographic storage: In most of the implementations, mobile applications store some sensitive data on the mobile device. If this data is not encrypted and stored, then the stored clear text data or weakly encrypted data can be stolen and used against the legitimate user.

  • Weak server side controls:
    If server side controls are not in place, this can lead to bypass validation implemented on the client and business logic, leading to security breach resulting in business loss.
  • Exception and error handling: If error messages are not customized then they can reveal information about the application or server which might lead to breach of security.

  • Unencrypted traffic: Mobile applications exchange information with the server such as login credentials, transaction details etc. which can be sniffed out from the clear text traffic on the network by an attacker.

  • Parameter manipulation attacks: A malicious user may gain access to the data or the active session by manipulating parameters going into HTTP requests and in the same manner make fraudulent transactions.

  • Injection attacks: Injection flaws occur when an application sends untrustworthy data to an interpreter, thus causing loss of data. This can even lead to hostile takeover, ruining clients’ reputation.

  • Authorization and Authentication related checks: An attacker can get unauthorized access of the application and will be able to perform malicious actions leading to high security risks for the application.
  • Insecure coding: By performing reverse engineering on the application installer file, an attacker can look into the code for hard coded sensitive and useful information like password, database credentials, log information etc.

  • Session related threats: Improper session management may lead to a compromised user session.

  • Malware infected application: Malware is designed to infiltrate and damage smartphones without the user's consent. A mobile application needs to be assessed for any possible malicious activity on a mobile device to avoid any brand abuse or data breach.

  • Unwanted Permissions: Any unwanted permissions allowed by the application on a mobile device can lead to misuse of the application and brand abuse / loss of sensitive data of the application owner.

Would you like to conduct a pentest?

Please fill in the form below and we shall revert back.

Thank you! Your submission has been received! We shall reach out to you soon.
Oops! Something went wrong while submitting the form.