    Penetration Testing by Commit

As an AWS premier partner, one of Commit's key pillars is protecting our customers' cloud workloads and applications. We know how continually emerging cyber threats impact your business. Our shift-left testing approach introduces security into every phase of your development journey, identifying application vulnerabilities, weaknesses, and security misconfigurations early on and proactively preventing attacks. Our expert penetration testing cycles focus on server-side testing at the application layer, based on grey-box and black-box methodologies.

    Overview

Commit will perform server-side penetration testing at the application layer, based on grey-box and black-box methodologies, with the following elements:

• Penetration testing with one test run for up to 10 APIs on one web application
• Coverage of the full OWASP Top 10 security risks
• Coverage of identification of OWASP Top 10 security risks in business logic flows
• Coverage of potential organization data leakage vectors based on different user privilege levels (users, admins, anonymous)
• Coverage of testing all user inputs and data passing across systems/sub-systems to confirm they correctly handle the following known vulnerabilities:
  • Non-validated input (i.e. input fields shall conform to the desired formats)
  • Broken access control
  • Broken authentication and session management (i.e. account credentials and session cookies)
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Buffer overflows
  • Injection flaws (e.g. SQL injection, command injection, etc.)
  • Race conditions
  • Improper error/exception handling
  • Insecure storage
  • Denial of service
  • Misconfigurations and insecure configurations:
    • Response headers that make it easier for an attacker to identify your stack and software versions
    • Usage of GET requests with sensitive data or tokens in the URL, as these will be logged on servers and proxies
    • Improper TLS usage across the entire site, not just login forms and responses
    • Response cookies set without the httpOnly flag
    • Potential path traversal
    • Falsification of session tokens and of the API's authentication mechanism

    Highlights

    • For companies facing the Cloud Security Challenge Paradigm
    • For companies focused on security awareness
    • For companies in a market which requires security compliance

    Details

    Delivery method

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.


    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

If you have questions about this service or about Commit, please reach out and we will get you the information you need.
Phone (US): +1 (646) 673-8665
Phone (IL): +972 (3) 927-9000
Email: awsmarketplace@comm-it.com
Contact Us: www.comm-it.com/contact