Overview
NETSOL’s Cyber Security Team employs a comprehensive Vulnerability Assessment & Penetration Testing approach, utilizing manual and automated analysis for Web Applications, Mobile Applications, and Network Devices. Our manual research aligns with the testing guide recommended by OWASP standards, ensuring a thorough analysis of your AWS-based assets. By harnessing the power of AWS, we are able to perform in-depth security posture assessments. Our VAPT methodology is tailored for AWS environments and follows a robust delivery approach for cloud platforms, including Application Security Analysis, Network Ports & Services Discovery, Vulnerability Assessment Analysis, Automated Vulnerability Assessments, Manual Vulnerability Assessments, as well as Penetration Testing encompassing exploitation and post-exploitation activities.
Outlined below are the specific VAPT activities conducted by our team for Web Applications, Mobile Applications, and Network Devices on the AWS Cloud.
Web Applications VAPT:
- Vulnerability Assessment using Automated Testing Tools to identify OWASP’s Top 10 vulnerabilities
- Assessment of AWS-specific components, such as S3 buckets, API security, and IAM permissions
- SSL / TLS audit
  * Detection of SSL version 2 and 3
  * Weak hashing algorithms
  * Use of RC4 and CBC ciphers
  * Logjam issue
  * Sweet32 issue
  * Certificate expiry
  * OpenSSL ChangeCipherSpec issue
  * POODLE vulnerability
  * OpenSSL Heartbleed issue
  * Lucky 13 and BEAST issues
- Directory Enumeration
- Sub-domain hunting
- Parameter Tampering
- OWASP Vulnerabilities Testing
  * SQL Injection (Boolean, Blind, Time-based, Error-based)
  * Command Injection
  * Brute Force
  * Buffer Overflow
  * Clickjacking
  * XSS (Reflected, Stored, DOM)
  * DoS (Denial-of-Service)
  * Session Hijacking
  * Full Path Disclosure
  * Sensitive Data Disclosure
  * RCE (Remote Code Execution)
  * File Inclusion
  * Local File Inclusion
  * Remote File Inclusion
  * Path Traversal
  * CSRF (Cross-Site Request Forgery)
  * SSRF (Server-Side Request Forgery)
  * Business Logic Flaws
  * Broken Authentication
  * XXE (XML External Entities)
  * Components with known vulnerabilities
- Hunt for Exploits
Mobile Applications VAPT:
- Root Detection Bypass
- SSL Pinning Bypass
- Source Code Analysis (Static Application Security Testing)
- Reverse Engineering
- Manual Testing / Dynamic Application Security Testing
- SSL / TLS audit
- Testing mobile applications built on AWS, including support for serverless backends, AWS Cognito, and AWS Amplify
Network Devices VAPT:
- Identify host details
- Identify open ports
- Identify versions and services
- Automated testing
- SSL / TLS audit
- Hunt for vulnerabilities
- Manually exploit vulnerabilities
DELIVERABLES:
Our detailed VAPT report includes:
- Vulnerability Severity (High, Medium, Low)
- Vulnerability rating
- Proof of Concept (POCs)
- Description of Vulnerabilities
- Remediation of Vulnerabilities
Sold by | Netsol Technologies Americas, Inc (NTA) |
Fulfillment method | Professional Services |
Pricing Information
This service is priced based on the scope of your request. Please contact seller for pricing details.
Support
We offer phone, email, and web support
Phone: +1 (818) 222-9195
Email: awscloudservices@netsoltech.com
Website / Contact Us: https://netsolcloudservices.com/contact/