Sold by: Comm-IT Technology Solutions LTD
Commit is an AWS premier partner, and one of our key pillars is protecting our customers' cloud workloads and applications. We know how continually emerging cyber threats impact your business. Our shift-left testing approach introduces security into every phase of your development journey, identifying application vulnerabilities, weaknesses, and security misconfigurations early on and proactively preventing attacks.
Our expert penetration testing cycles focus on server-side testing of the application layer, based on grey-box and black-box methodologies.
Overview
Commit will perform server-side penetration testing on the application layer, based on grey-box and black-box methodologies, with the following elements:
- Penetration testing with one test run for up to 10 APIs on one web application
- Coverage of the full OWASP Top 10 security risks
- Coverage of identification of OWASP Top 10 security risks in business logic flows
- Coverage of potential organization data leakage vectors based on different user privilege levels (users, admins, anonymous)
- Coverage of testing that all user inputs and data passing across systems/sub-systems are handled correctly with respect to the following known vulnerabilities:
- Non-validated input (i.e. input fields shall conform to desired formats)
- Broken access control.
- Broken authentication and session management (i.e. account credentials and session cookies)
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Buffer overflows.
- Injection vulnerability flaws (e.g. SQL injection, command injection, etc.)
- Race conditions.
- Improper error/exception handling.
- Insecure storage.
- Denial of service.
- Misconfigurations and insecure configurations
- Identifying headers that can make a hacker's job of identifying your stack and software versions easier.
- Usage of GET requests with sensitive data or tokens in the URL, as these will be logged on servers and proxies.
- Improper TLS usage across the entire site, not just login forms and responses.
- Usage of non httpOnly response
- Potential Path Traversal
- Falsification of session tokens and API authentication mechanisms
Highlights
- For companies facing the Cloud Security Challenge Paradigm
- For companies focused on security awareness
- For companies in a market which requires security compliance
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.
Support
Vendor support
If you have questions about this service or about Commit, please reach out and we will get you the information you need. Phone (US): +1 (646) 6738665 Phone (IL): +972(3) 927 9000 Email: awsmarketplace@comm-it.com Contact Us: www.comm-it.com/contact or