Deltecs’ Services for Information Security
Think like a Thief to catch a Thief
Deltecs Services for Vulnerability Assessment and penetration testing


This document gives a detailed stepwise gist of what Deltecs' consultancy involves in the field of Vulnerability Assessment and Penetration Testing. It also gives a life cycle of the testing to be carried out on any web application or system. This would give insider information on the principles followed by Deltecs while testing web applications.

Published in: Technology
Transcript of "Deltecs Services for Vulnerability Assessment and penetration testing"

  1. Deltecs' Services for Information Security
     Think like a Thief to catch a Thief
     Deltecs Infotech Pvt. Ltd | Ph: 022-28488746 | 022-28481451 | Web: www.deltecs.com | Email: info@deltecs.com
  2. INTRODUCTION

     Deltecs Infotech Pvt. Ltd, a leader in information security and penetration testing, adopts the tests listed in the OWASP Top Ten list, as well as the class of tests provided at OWASC. Deltecs' Web Application Security process is a combination of comprehensive vulnerability detection tests. It is run on the company's web assets, such as web servers, e-mail servers, data centers, and third-party applications running on servers. With an exhaustive database of existing vulnerabilities, Deltecs has expertise in vulnerability detection and remediation. The daily update of the database assures the highest level of remote vulnerability detection available. Combined with an automated process managed by world-class security experts, this provides an unparalleled level of network perimeter security.

     Authentication
       • Brute Force: A Brute Force attack is an automated process of trial and error used to guess a person's username, password, credit card number or cryptographic key.
       • Insufficient Authentication: Insufficient Authentication occurs when a website permits an attacker to access sensitive content or functionality without properly authenticating.
       • Weak Password Recovery: Weak Password Recovery Validation is when a website permits an attacker to illegally obtain, change or recover another user's password.

     Authorization
       • Credentials/Session Prediction: Credentials/Session Prediction is a method of hijacking or impersonating a website user.
       • Insufficient Authorization: Insufficient Authorization is when a website permits access to sensitive content or functionality that requires increased access control restriction.
       • Insufficient Session Expiration: Insufficient Session Expiration is when a website permits an attacker to reuse old session credentials or session IDs for authorization.
       • Session Fixation: Session Fixation is an attack technique that forces a user's session ID to an explicit value.
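Three of the Authorization items on this slide (Credentials/Session Prediction, Insufficient Session Expiration and Session Fixation) share one root cause: how the server mints, binds and retires session IDs. The following is an added example, not code from the Deltecs brochure, of a minimal server-side session store that addresses all three: IDs come from the OS CSPRNG, the ID is regenerated at login so an ID planted before authentication never becomes an authenticated one, and sessions are expired server-side by both idle and absolute lifetimes. Class and method names, timeouts and the `FakeClock` helper are assumptions made for the demonstration.

```python
"""Toy session store showing the controls behind three Authorization weaknesses:
prediction (unguessable IDs), fixation (new ID at login), expiration (server-side
idle and absolute timeouts). Added example; all names and values are assumed."""
import secrets
import time


class SessionStore:
    IDLE_TIMEOUT = 15 * 60        # seconds without activity before a session is dropped
    ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on a session's life, regardless of activity

    def __init__(self, clock=time.time):
        self._clock = clock        # injectable clock so a test can move time forward
        self._sessions = {}        # session_id -> {"user", "created", "last_seen"}

    def _new_id(self):
        # 32 random bytes from the OS CSPRNG: not derivable from time, counters or user data
        return secrets.token_urlsafe(32)

    def start_anonymous(self):
        """Pre-login session (e.g. a shopping cart). Carries no user identity."""
        sid = self._new_id()
        now = self._clock()
        self._sessions[sid] = {"user": None, "created": now, "last_seen": now}
        return sid

    def login(self, old_sid, user):
        """Bind a user to a session. The pre-login ID is retired and a fresh one issued,
        so an ID fixed into the victim's browser before login never becomes authenticated."""
        self._sessions.pop(old_sid, None)
        sid = self._new_id()
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def logout(self, sid):
        """Invalidate on the server; clearing the cookie alone would leave the ID reusable."""
        self._sessions.pop(sid, None)

    def resolve(self, sid):
        """Return the user bound to a session, or None if the ID is unknown or expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        idle_too_long = now - s["last_seen"] > self.IDLE_TIMEOUT
        too_old = now - s["created"] > self.ABSOLUTE_TIMEOUT
        if idle_too_long or too_old:
            self._sessions.pop(sid, None)   # expire server-side, not just in the browser
            return None
        s["last_seen"] = now
        return s["user"]


class FakeClock:
    """Constructed clock for the demo so timeouts can be exercised without sleeping."""
    def __init__(self, start=1_000_000.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo():
    """Returns (fixation_blocked, idle_expired, absolute_expired)."""
    clock = FakeClock()
    store = SessionStore(clock=clock)

    planted = store.start_anonymous()         # ID the browser carries before login
    authed = store.login(planted, "alice")    # login issues a different ID
    fixation_blocked = authed != planted and store.resolve(planted) is None

    clock.advance(SessionStore.IDLE_TIMEOUT + 1)
    idle_expired = store.resolve(authed) is None

    active = store.login(store.start_anonymous(), "bob")
    for _ in range(SessionStore.ABSOLUTE_TIMEOUT // 600 + 1):
        clock.advance(600)                    # keep touching it every 10 minutes
        store.resolve(active)
    absolute_expired = store.resolve(active) is None
    return fixation_blocked, idle_expired, absolute_expired


if __name__ == "__main__":
    print(demo())
```

`demo()` walks the three scenarios a tester would check: the pre-login ID is useless after login, an untouched session dies after the idle window, and a session that is kept busy still dies at the absolute limit.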
  3. Client Side Attacks
       • Cross-site Scripting: Cross-site Scripting (XSS) is an attack technique that forces a website to echo attacker-supplied executable code, which loads in a user's browser.

     Command Execution
       • SQL Injection: SQL Injection is an attack technique used to exploit websites that construct SQL statements from user-supplied input.

     Information Disclosure
       • Directory Indexing: Automatic directory listing/indexing is a web server function that lists all of the files within a requested directory if the normal base file is not present.
       • Information Leakage: Information Leakage is when a website reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system.
       • Path Traversal: The Path Traversal attack technique forces access to files, directories, and commands that potentially reside outside the web document root directory.
       • Predictable Resource Location: Predictable Resource Location is an attack technique used to uncover hidden website content and functionality.

     Logical Attacks
       • Abuse of Functionality: Abuse of Functionality is an attack technique that uses a website's own features and functionality to consume, defraud, or circumvent access control mechanisms.
       • Insufficient Anti-automation: Insufficient Anti-automation is when a website permits an attacker to automate a process that should only be performed manually.
       • Insufficient Process Validation: Insufficient Process Validation is when a website permits an attacker to bypass or circumvent the intended flow control of an application.
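The SQL Injection and Path Traversal definitions on this slide both describe the same defect from a reviewer's point of view: untrusted input spliced into a structure (a SQL statement, a filesystem path) that the server then trusts. The following added example, not code from the Deltecs brochure, shows each as the vulnerable function beside its fixed form, using an in-memory SQLite table and a document root that are constructed for the demonstration; every function and value name is an assumption.

```python
"""Vulnerable-versus-fixed pairs for two items on this slide. Added example;
the users table, its rows, the document root and all names are constructed."""
import os
import sqlite3


def make_db():
    """In-memory database with a couple of constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


# --- Command Execution: SQL Injection -------------------------------------

def lookup_vulnerable(conn, name):
    """Builds the statement from user input: the input becomes part of the SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn, name):
    """Parameterised statement: the driver passes the value separately from the
    SQL text, so whatever the user typed is only ever compared as data."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# --- Information Disclosure: Path Traversal --------------------------------

def serve_path_vulnerable(root, requested):
    """Joins the request onto the root with no check that the result stays inside it."""
    return os.path.join(root, requested)


def serve_path_fixed(root, requested):
    """Resolve the candidate path, then refuse anything whose canonical form is
    not under the canonical document root. Resolving first defeats '..' and
    symlink tricks; checking commonpath (not a string prefix) stops
    '/srv/www-secret' from passing as inside '/srv/www'."""
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("requested path escapes the document root")
    return target


def demo():
    """Returns a dict summarising both pairs on the same inputs."""
    conn = make_db()
    tautology = "' OR '1'='1"      # classic test string: closes the quote, adds a true clause
    root = "/nonexistent_demo_root/www"   # constructed; need not exist for realpath to normalise

    try:
        serve_path_fixed(root, "../../etc/passwd")
        traversal_blocked = False
    except PermissionError:
        traversal_blocked = True

    return {
        "vulnerable_rows": sorted(lookup_vulnerable(conn, tautology)),
        "fixed_rows": lookup_fixed(conn, tautology),
        "fixed_normal": lookup_fixed(conn, "alice"),
        "vulnerable_path": serve_path_vulnerable(root, "../../etc/passwd"),
        "traversal_blocked": traversal_blocked,
        "fixed_normal_path": serve_path_fixed(root, "index.html"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable lookup returns every row for the tautology string while the fixed one returns none, and the vulnerable path helper happily yields a path under `/etc` while the fixed one raises. The sibling check `commonpath(...) != root` rather than `target.startswith(root)` is the detail reviewers most often find missing.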
