Penetration Testing

Web Application Security

Application Security Assessments are designed to identify and assess threats to the organization through proprietary applications delivered by development companies with little or no customization. Our application security assessment methodology follows well-known security assessment guides such as:

  • OWASP Top 10 (Open Web Application Security Project)
  • SANS 25

InterceptZero’s Approach toward Web Application Security Assessments:

An Application Security Analyst examines the web application and reports any weaknesses found. IZ uses a number of application security testing techniques. These might include black-box, white-box and grey-box testing, along with business logic testing, which looks at how an application’s functionality could be abused or exploited to carry out unwanted actions such as privilege escalation, leakage of sensitive information, authorization bypass, etc.

Mobile Application Security

With the increase in the number of mobile users, industries are working extensively on creating their own mobile platforms to ease users’ interaction with their platform. So, as part of our extensive security assessment portfolio, we also specialize in mobile application security assessments, be it black-box testing, reverse engineering engagements or source-code review. We have rich experience in Mobile Application Security Testing and have carried it out for large enterprises to help them secure their mobile applications.

These are some of the vulnerabilities that we look for while performing Mobile Application Security Assessments:

  • Side Channel Data Leakage
  • Server-side Controls Strength
  • Business Logic Flaws
  • Data Flow Issues
  • Deficient Transport Layer Protection
  • Authentication Bypass
  • Insecure Data Storage
  • Improper Session Handling
  • Cryptography
  • Client-side Injection Vulnerabilities
  • Confidential Information Disclosure

Network Security

Network Architecture Review

Did you know that most organizations whose data was compromised have one thing in common: poorly designed and configured network architecture and devices? Putting the correct architecture in place lets us get the best out of the current architecture, and properly configuring the devices will prevent unauthorized access to the network.

VA & PT

This part covers finding all the vulnerabilities that exist in the network. To carry out this task we use both manual and tool-based testing. Our intention is to gain access to the network and see how severely it could affect the organization.

The following approach helps us identify the vulnerabilities in the network:

  • Understanding the Network Architecture, Layout and Setup
  • Checking Configuration of the Network Devices
  • Monitoring the Network Traffic
  • System-related Vulnerabilities
  • Port Analysis

External Penetration Testing

In External Penetration Testing, we try to penetrate the network from the outside, so as to find vulnerabilities from the perspective of a hacker. The idea is to cover all the vulnerabilities that are exposed over the internet and that an attacker could take advantage of to leverage access against the target organization.

Internal Penetration Testing

Even if the network is secure from the outside world, an attacker can still do damage if nothing has been done to prevent attacks from inside the organization. The attacker can be anyone, such as an employee working for the organization or an interviewee who is given access to the guest network. So, it is important to have an Internal Network Security Assessment.

Network Log Analysis

Without appropriate audit logging and analysis, an attacker’s activities can go unnoticed, and evidence of whether or not the attack led to a breach can be inconclusive. Machine-generated logs hold vital information that can provide powerful insights and network security intelligence into user behavior, network anomalies, system downtime, policy violations, internal threats, regulatory compliance, etc. Log analysis helps to find malicious activities and mitigate threats, and can contribute important insight into network availability.