Overview
Commit will perform server-side penetration testing on the application layer, based on grey-box and black-box methodologies, with the following elements:
- Penetration testing with one test run for up to 10 APIs on one web application
- Coverage of the full OWASP Top 10 security risks
- Identification of OWASP Top 10 security risks in business logic flows
- Coverage of potential organization data leakage vectors based on different user privilege levels (users, admins, anonymous)
- Testing that all user inputs and data passed across systems/sub-systems correctly handle the following known vulnerabilities:
  - Non-validated input (i.e. input fields shall conform to desired formats)
  - Broken access control
  - Broken authentication and session management (i.e. account credentials and session cookies)
  - Cross-site scripting (XSS)
  - Cross-site request forgery (CSRF)
  - Buffer overflows
  - Injection vulnerability flaws (e.g. SQL injection, command injection, etc.)
  - Race conditions
  - Improper error/exception handling
  - Insecure storage
  - Denial of service
  - Misconfigurations and insecure configurations
- Identifying headers that can make a hacker’s job of identifying your stack and software versions easier
- Usage of GET requests with sensitive data or tokens in the URL, as these will be logged on servers and proxies
- Improper TLS usage across the entire site, not just login forms and responses
- Usage of non-HttpOnly cookies in responses
- Potential Path Traversal
- Falsification of session tokens and API’s authentication mechanism
Sold by: Comm-IT Technology Solutions LTD
Fulfillment method: Professional Services
Pricing Information
This service is priced based on the scope of your request. Please contact seller for pricing details.
Support
If you have questions about this service or about Commit, please reach out and we will get you the information you need.
Phone (US): +1 (646) 6738665
Phone (IL): +972(3) 927 9000
Email: awsmarketplace@comm-it.com
Contact Us: www.comm-it.com/contact or https://www.commit.us/contact-commit