2. 1
C O N T E N T P A G E
Executive Summary 2
1.
2.Sub-domain list 3
3.Nmap Scan on main domain 4
4.Nikto Scan on main domain 5
5.Slilpfish Scan on main domain 6
6.Security Header Scan 7-9
8. Burpsuite Scan 10-12
9.High Risk Vulnerabilities 13-15
10.Meduim Risk Vulnerabilities 16-17
11.Conclusion 18
3. 2
This report summarizes the findings of a vulnerability testing and
bug reportconducted on https://www.securitas.com and its 10
sub-domains . The testing was operated using a different kind of
methods, including vulnerability scanning, manual penetration
testing, and many other online tools.
The testing identified a few types of vulnerabilities in different sub
domains and directory here found High risk vulnerabilities is 2 and
Medium risk is 2 . The high- risk vulnerabilities represent the most
serious threats to the organization's security, and should be
addressed as soon as possible.The report includes detailed
descriptions of each vulnerability.
H I G H
Executive Summary
M E D U I M L O W
2 2 many
4. W W W . S E C U R I T A S . C O M ( M A I N D O M A I N )
Intelligence.securitas.com
Brand.securitas.com
Mylearning.securitas.com
Flow.securitas.com
Solutionsportal.securitas.com
Ssmd-dc.securitas.com
toolbox.securitas.com
support.solutions.securitas.com
Projects.europe.securitas.com
airflow-ds.sis.securitas.com
Sub-domain ( 10 ):
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
3
5. PORT STATE SERVICE VERSION
80/tcp open http Cloudflare http proxy
|_http-server-header: cloudflare
|_http-title: Did not follow redirect to https://www.securitas.com/
443/tcp open ssl/http Cloudflare http proxy
|_http-title: securitas.com
| http-robots.txt: 3 disallowed entries
|_/Static/ /controllers/ /helpers/
|_http-server-header: cloudflare
| ssl-cert: Subject:
commonName=sni.cloudflaressl.com/organizationName=Cloudflare,
Inc./stateOrProvinceName=California/countryName=US
| Subject Alternative Name: DNS:www.securitas.com,
DNS:sni.cloudflaressl.com
| Not valid before: 2022-10-14T00:00:00
|_Not valid after: 2023-10-14T23:59:59
8080/tcp open http Cloudflare http proxy
|_http-server-header: cloudflare
|_http-title: Attention Required! | Cloudflare
8443/tcp open ssl/http Cloudflare http proxy
| ssl-cert: Subject:
commonName=sni.cloudflaressl.com/organizationName=Cloudflare,
Inc./stateOrProvinceName=California/countryName=US
| Subject Alternative Name: DNS:www.securitas.com,
DNS:sni.cloudflaressl.com
| Not valid before: 2022-10-14T00:00:00
|_Not valid after: 2023-10-14T23:59:59
|_http-server-header: cloudflare
|_http-title: Attention Required! | Cloudflare
Nmap Scan on main domain
4
6. Nikto Scan on main domain
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP: 104.18.24.154
+ Target Hostname: 104.18.24.154
+ Target Port: 80
+ Start Time: 2023-07-02 12:02:03 (GMT6)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: The X-Content-Type-Options header is not set. This could allow the
user agent to render the content of the site in a different fashion to the
MIME type. See: https://www.netsparker.com/web-vulnerability-
scanner/vulnerabilities/missing-content-type-header/
+ All CGI directories 'found', use '-C none' to test none
+ /cdn-cgi/trace: Retrieved access-control-allow-origin header: *.
+ /cdn-cgi/trace: Cloudflare trace CGI found, which may leak some
system information.
+ 26662 requests: 0 error(s) and 3 item(s) reported on remote host
+ End Time: 2023-07-02 12:18:25 (GMT6) (982 seconds)
---------------------------------------------------------------------------
5
11. Burpsuite Scan on main domain and
subdomain
Using burpsuite i find few responsive vulnerabilities here we find
two high risk vulnerabilities the are sql injection and client side
desync on different
sub-domian. I also find two meduim risk vulnerabilities 3/4 sub-
domain different directory they are HTTP request sumggeling
and TSL certificate problem .
The table below shows the numbers of issues identified in
different categories. Issues are classified according to severity as
High, Medium, Low or Information. This reflects the likely impact
of each issue for a typical organization. Issues are also classified
according to confidence as Certain, Firm or Tentative. This
reflects the inherent reliability of the technique that was used to
identify the issue.
sql injection
client side desync on different
High Risk
HTTP request sumggeling
TSL certificate problem .
Meduim Risk
1 0
19. In conclusion, the vulnerability testing conducted on
https://www.securitas.com/ systems, applications, and networks have
identified significant security weaknesses. These vulnerabilities could
potentially lead to unauthorized access, data breaches, and service
disruptions. It is crucial that https://www.securitas.com immediate
action to address the high severity vulnerabilities, as they pose the
greatest risk.
Additionally, educating employees on secure practices, establishing an
incident response plan, and regularly updating security controls are vital
steps to ensure ongoing protection against emerging threats.
By following these recommendations and maintaining a proactive
approach to security, https://www.securitas.com/ can significantly
improve its security posture and maintain the trust of its stakeholders.
Remember, vulnerability management is an ongoing process, and it is
important to regularly reassess and update security measures to stay
ahead of potential .
1 8
Conclusion