SlideShare a Scribd company logo

Penetration testing by Burpsuite

Burp Suite - Application Security Testing Software - PortSwigger

1 of 19
Download to read offline
SECURITY
ASSESSMENT
REPORT
By Ayon Debnath
Certified Ethical Hacker || Penetration Tester
1
C O N T E N T P A G E
Executive Summary 2
1.
2.Sub-domain list 3
3.Nmap Scan on main domain 4
4.Nikto Scan on main domain 5
5.Slilpfish Scan on main domain 6
6.Security Header Scan 7-9
8. Burpsuite Scan 10-12
9.High Risk Vulnerabilities 13-15
10.Meduim Risk Vulnerabilities 16-17
11.Conclusion 18
2
This report summarizes the findings of a vulnerability testing and
bug reportconducted on https://www.securitas.com and its 10
sub-domains . The testing was operated using a different kind of
methods, including vulnerability scanning, manual penetration
testing, and many other online tools.
The testing identified a few types of vulnerabilities in different sub
domains and directory here found High risk vulnerabilities is 2 and
Medium risk is 2 . The high- risk vulnerabilities represent the most
serious threats to the organization's security, and should be
addressed as soon as possible.The report includes detailed
descriptions of each vulnerability.
H I G H
Executive Summary
M E D U I M L O W
2 2 many
W W W . S E C U R I T A S . C O M ( M A I N D O M A I N )
Intelligence.securitas.com
Brand.securitas.com
Mylearning.securitas.com
Flow.securitas.com
Solutionsportal.securitas.com
Ssmd-dc.securitas.com
toolbox.securitas.com
support.solutions.securitas.com
Projects.europe.securitas.com
airflow-ds.sis.securitas.com
Sub-domain ( 10 ):
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
3
PORT STATE SERVICE VERSION
80/tcp open http Cloudflare http proxy
|_http-server-header: cloudflare
|_http-title: Did not follow redirect to https://www.securitas.com/
443/tcp open ssl/http Cloudflare http proxy
|_http-title: securitas.com
| http-robots.txt: 3 disallowed entries
|_/Static/ /controllers/ /helpers/
|_http-server-header: cloudflare
| ssl-cert: Subject:
commonName=sni.cloudflaressl.com/organizationName=Cloudflare,
Inc./stateOrProvinceName=California/countryName=US
| Subject Alternative Name: DNS:www.securitas.com,
DNS:sni.cloudflaressl.com
| Not valid before: 2022-10-14T00:00:00
|_Not valid after: 2023-10-14T23:59:59
8080/tcp open http Cloudflare http proxy
|_http-server-header: cloudflare
|_http-title: Attention Required! | Cloudflare
8443/tcp open ssl/http Cloudflare http proxy
| ssl-cert: Subject:
commonName=sni.cloudflaressl.com/organizationName=Cloudflare,
Inc./stateOrProvinceName=California/countryName=US
| Subject Alternative Name: DNS:www.securitas.com,
DNS:sni.cloudflaressl.com
| Not valid before: 2022-10-14T00:00:00
|_Not valid after: 2023-10-14T23:59:59
|_http-server-header: cloudflare
|_http-title: Attention Required! | Cloudflare
Nmap Scan on main domain
4
Nikto Scan on main domain
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP: 104.18.24.154
+ Target Hostname: 104.18.24.154
+ Target Port: 80
+ Start Time: 2023-07-02 12:02:03 (GMT6)
---------------------------------------------------------------------------
+ Server: cloudflare
+ /: The X-Content-Type-Options header is not set. This could allow the
user agent to render the content of the site in a different fashion to the
MIME type. See: https://www.netsparker.com/web-vulnerability-
scanner/vulnerabilities/missing-content-type-header/
+ All CGI directories 'found', use '-C none' to test none
+ /cdn-cgi/trace: Retrieved access-control-allow-origin header: *.
+ /cdn-cgi/trace: Cloudflare trace CGI found, which may leak some
system information.
+ 26662 requests: 0 error(s) and 3 item(s) reported on remote host
+ End Time: 2023-07-02 12:18:25 (GMT6) (982 seconds)
---------------------------------------------------------------------------
5

Recommended

So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in CybersecurityTeri Radichel
 
Sandbox kiev
Sandbox kievSandbox kiev
Sandbox kievuisgslide
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry:  Normshield Executive Presentation2017 Cyber Risk Grades by Industry:  Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive PresentationNormShield, Inc.
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Moataz Kamel
 
Bank One App Sec Training
Bank One App Sec TrainingBank One App Sec Training
Bank One App Sec TrainingMike Spaulding
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsBen Rothke
 
Internal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guideInternal penetration test_hitchhackers_guide
Internal penetration test_hitchhackers_guideDarin Fredde
 

More Related Content

Similar to Penetration testing by Burpsuite

IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET Journal
 
Penetration testing using metasploit framework
Penetration testing using metasploit frameworkPenetration testing using metasploit framework
Penetration testing using metasploit frameworkPawanKesharwani
 
27.2.15 lab investigating a malware exploit
27.2.15 lab   investigating a malware exploit27.2.15 lab   investigating a malware exploit
27.2.15 lab investigating a malware exploitFreddy Buenaño
 
Threat Modeling
Threat ModelingThreat Modeling
Threat Modelingkeyuradmin
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats FasterForce 3
 
Vulnerability Penetration Test
Vulnerability Penetration TestVulnerability Penetration Test
Vulnerability Penetration TestTanya Williams
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019Alexander Master
 
SplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunk
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 sebaSebastien Deleersnyder
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
Automating cloud security - Jonny Griffin
Automating cloud security - Jonny GriffinAutomating cloud security - Jonny Griffin
Automating cloud security - Jonny GriffinJonnathan Griffin
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxSuhailShaik16
 
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For CybersecurityNathan Anderson
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
Application security Best Practices Framework
Application security   Best Practices FrameworkApplication security   Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
MIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptxMIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptxCouronne1
 

Similar to Penetration testing by Burpsuite (20)

IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit Framework
 
Penetration testing using metasploit framework
Penetration testing using metasploit frameworkPenetration testing using metasploit framework
Penetration testing using metasploit framework
 
27.2.15 lab investigating a malware exploit
27.2.15 lab   investigating a malware exploit27.2.15 lab   investigating a malware exploit
27.2.15 lab investigating a malware exploit
 
Threat Modeling
Threat ModelingThreat Modeling
Threat Modeling
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats Faster
 
Vulnerability Penetration Test
Vulnerability Penetration TestVulnerability Penetration Test
Vulnerability Penetration Test
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewalls
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019
 
SplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based security
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 seba
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewalls
 
Automating cloud security - Jonny Griffin
Automating cloud security - Jonny GriffinAutomating cloud security - Jonny Griffin
Automating cloud security - Jonny Griffin
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
 
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
 
ITrust Whitepaper: Top 10 vulnerabilities
ITrust Whitepaper: Top 10 vulnerabilitiesITrust Whitepaper: Top 10 vulnerabilities
ITrust Whitepaper: Top 10 vulnerabilities
 
Application security Best Practices Framework
Application security   Best Practices FrameworkApplication security   Best Practices Framework
Application security Best Practices Framework
 
MIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptxMIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptx
 

Recently uploaded

ppt penjualan berbasis online omset.pptx
ppt penjualan berbasis online omset.pptxppt penjualan berbasis online omset.pptx
ppt penjualan berbasis online omset.pptxHizkiaJastis
 
Operations Data On Mobile - inSis Mobile App - Sample Screens
Operations Data On Mobile - inSis Mobile App - Sample ScreensOperations Data On Mobile - inSis Mobile App - Sample Screens
Operations Data On Mobile - inSis Mobile App - Sample ScreensKondapi V Siva Rama Brahmam
 
What is the value of your Data v3.0.pptx
What is the value of your Data v3.0.pptxWhat is the value of your Data v3.0.pptx
What is the value of your Data v3.0.pptxJose Briones
 
Big Data - large Scale data (Amazon, FB)
Big Data - large Scale data (Amazon, FB)Big Data - large Scale data (Amazon, FB)
Big Data - large Scale data (Amazon, FB)CUO VEERANAN VEERANAN
 
Lies and Myths in InfoSec - 2023 Usenix Enigma
Lies and Myths in InfoSec - 2023 Usenix EnigmaLies and Myths in InfoSec - 2023 Usenix Enigma
Lies and Myths in InfoSec - 2023 Usenix EnigmaAdrian Sanabria
 
SABARI PRIYAN's self introduction as reference
SABARI PRIYAN's self introduction as referenceSABARI PRIYAN's self introduction as reference
SABARI PRIYAN's self introduction as referencepriyansabari355
 
AWS Identity and access management for users
AWS Identity and access management for usersAWS Identity and access management for users
AWS Identity and access management for usersStephenEfange3
 
data analytics and tools from in2inglobal.pdf
data analytics  and tools from in2inglobal.pdfdata analytics  and tools from in2inglobal.pdf
data analytics and tools from in2inglobal.pdfdigimartfamily
 
IIBA Adl - Being Effective on Day 1 - Slide Deck.pdf
IIBA Adl - Being Effective on Day 1 - Slide Deck.pdfIIBA Adl - Being Effective on Day 1 - Slide Deck.pdf
IIBA Adl - Being Effective on Day 1 - Slide Deck.pdfAustraliaChapterIIBA
 
Tips to Align with Your Salesforce Data Goals
Tips to Align with Your Salesforce Data GoalsTips to Align with Your Salesforce Data Goals
Tips to Align with Your Salesforce Data GoalsDataArchiva
 
A Gentle Introduction to Text Analysis :)
A Gentle Introduction to Text Analysis :)A Gentle Introduction to Text Analysis :)
A Gentle Introduction to Text Analysis :)UNCResearchHub
 
Industry 4.0 in IoT Transforming the Future.pptx
Industry 4.0 in IoT Transforming the Future.pptxIndustry 4.0 in IoT Transforming the Future.pptx
Industry 4.0 in IoT Transforming the Future.pptxMdRafiqulIslam403212
 
SABARI PRIYAN's self introduction as a reference
SABARI PRIYAN's self introduction as a referenceSABARI PRIYAN's self introduction as a reference
SABARI PRIYAN's self introduction as a referencepriyansabari355
 
Artificial Intelligence and its Impact on Society.pptx
Artificial Intelligence and its Impact on Society.pptxArtificial Intelligence and its Impact on Society.pptx
Artificial Intelligence and its Impact on Society.pptxVighnesh Shashtri
 
Web 3.0 in Data Privacy and Security | Data Privacy |Blockchain Security| Cyb...
Web 3.0 in Data Privacy and Security | Data Privacy |Blockchain Security| Cyb...Web 3.0 in Data Privacy and Security | Data Privacy |Blockchain Security| Cyb...
Web 3.0 in Data Privacy and Security | Data Privacy |Blockchain Security| Cyb...Cyber Security Experts
 
Generative AI Rennes Meetup with OVHcloud - WAICF highlights & how to deploy ...
Generative AI Rennes Meetup with OVHcloud - WAICF highlights & how to deploy ...Generative AI Rennes Meetup with OVHcloud - WAICF highlights & how to deploy ...
Generative AI Rennes Meetup with OVHcloud - WAICF highlights & how to deploy ...Thibaud Le Douarin
 
Soil Health Policy Map Years 2020 to 2023
Soil Health Policy Map Years 2020 to 2023Soil Health Policy Map Years 2020 to 2023
Soil Health Policy Map Years 2020 to 2023stephizcoolio
 

Recently uploaded (18)

ppt penjualan berbasis online omset.pptx
ppt penjualan berbasis online omset.pptxppt penjualan berbasis online omset.pptx
ppt penjualan berbasis online omset.pptx
 
Operations Data On Mobile - inSis Mobile App - Sample Screens
Operations Data On Mobile - inSis Mobile App - Sample ScreensOperations Data On Mobile - inSis Mobile App - Sample Screens
Operations Data On Mobile - inSis Mobile App - Sample Screens
 
What is the value of your Data v3.0.pptx
What is the value of your Data v3.0.pptxWhat is the value of your Data v3.0.pptx
What is the value of your Data v3.0.pptx
 
Big Data - large Scale data (Amazon, FB)
Big Data - large Scale data (Amazon, FB)Big Data - large Scale data (Amazon, FB)
Big Data - large Scale data (Amazon, FB)
 
Lies and Myths in InfoSec - 2023 Usenix Enigma
Lies and Myths in InfoSec - 2023 Usenix EnigmaLies and Myths in InfoSec - 2023 Usenix Enigma
Lies and Myths in InfoSec - 2023 Usenix Enigma
 
SABARI PRIYAN's self introduction as reference
SABARI PRIYAN's self introduction as referenceSABARI PRIYAN's self introduction as reference
SABARI PRIYAN's self introduction as reference
 
AWS Identity and access management for users
AWS Identity and access management for usersAWS Identity and access management for users
AWS Identity and access management for users
 
data analytics and tools from in2inglobal.pdf
data analytics  and tools from in2inglobal.pdfdata analytics  and tools from in2inglobal.pdf
data analytics and tools from in2inglobal.pdf
 
IIBA Adl - Being Effective on Day 1 - Slide Deck.pdf
IIBA Adl - Being Effective on Day 1 - Slide Deck.pdfIIBA Adl - Being Effective on Day 1 - Slide Deck.pdf
IIBA Adl - Being Effective on Day 1 - Slide Deck.pdf
 
Tips to Align with Your Salesforce Data Goals
Tips to Align with Your Salesforce Data GoalsTips to Align with Your Salesforce Data Goals
Tips to Align with Your Salesforce Data Goals
 
A Gentle Introduction to Text Analysis :)
A Gentle Introduction to Text Analysis :)A Gentle Introduction to Text Analysis :)
A Gentle Introduction to Text Analysis :)
 
Electricity Year 2023_updated_22022024.pptx
Electricity Year 2023_updated_22022024.pptxElectricity Year 2023_updated_22022024.pptx
Electricity Year 2023_updated_22022024.pptx
 
Industry 4.0 in IoT Transforming the Future.pptx
Industry 4.0 in IoT Transforming the Future.pptxIndustry 4.0 in IoT Transforming the Future.pptx
Industry 4.0 in IoT Transforming the Future.pptx
 
SABARI PRIYAN's self introduction as a reference
SABARI PRIYAN's self introduction as a referenceSABARI PRIYAN's self introduction as a reference
SABARI PRIYAN's self introduction as a reference
 
Artificial Intelligence and its Impact on Society.pptx
Artificial Intelligence and its Impact on Society.pptxArtificial Intelligence and its Impact on Society.pptx
Artificial Intelligence and its Impact on Society.pptx
 
Web 3.0 in Data Privacy and Security | Data Privacy |Blockchain Security| Cyb...
Web 3.0 in Data Privacy and Security | Data Privacy |Blockchain Security| Cyb...Web 3.0 in Data Privacy and Security | Data Privacy |Blockchain Security| Cyb...
Web 3.0 in Data Privacy and Security | Data Privacy |Blockchain Security| Cyb...
 
Generative AI Rennes Meetup with OVHcloud - WAICF highlights & how to deploy ...
Generative AI Rennes Meetup with OVHcloud - WAICF highlights & how to deploy ...Generative AI Rennes Meetup with OVHcloud - WAICF highlights & how to deploy ...
Generative AI Rennes Meetup with OVHcloud - WAICF highlights & how to deploy ...
 
Soil Health Policy Map Years 2020 to 2023
Soil Health Policy Map Years 2020 to 2023Soil Health Policy Map Years 2020 to 2023
Soil Health Policy Map Years 2020 to 2023
 

Penetration testing by Burpsuite

  • 1. SECURITY ASSESSMENT REPORT By Ayon Debnath Certified Ethical Hacker || Penetration Tester
  • 2. 1 C O N T E N T P A G E Executive Summary 2 1. 2.Sub-domain list 3 3.Nmap Scan on main domain 4 4.Nikto Scan on main domain 5 5.Slilpfish Scan on main domain 6 6.Security Header Scan 7-9 8. Burpsuite Scan 10-12 9.High Risk Vulnerabilities 13-15 10.Meduim Risk Vulnerabilities 16-17 11.Conclusion 18
  • 3. 2 This report summarizes the findings of a vulnerability testing and bug reportconducted on https://www.securitas.com and its 10 sub-domains . The testing was operated using a different kind of methods, including vulnerability scanning, manual penetration testing, and many other online tools. The testing identified a few types of vulnerabilities in different sub domains and directory here found High risk vulnerabilities is 2 and Medium risk is 2 . The high- risk vulnerabilities represent the most serious threats to the organization's security, and should be addressed as soon as possible.The report includes detailed descriptions of each vulnerability. H I G H Executive Summary M E D U I M L O W 2 2 many
  • 4. W W W . S E C U R I T A S . C O M ( M A I N D O M A I N ) Intelligence.securitas.com Brand.securitas.com Mylearning.securitas.com Flow.securitas.com Solutionsportal.securitas.com Ssmd-dc.securitas.com toolbox.securitas.com support.solutions.securitas.com Projects.europe.securitas.com airflow-ds.sis.securitas.com Sub-domain ( 10 ): 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 3
  • 5. PORT STATE SERVICE VERSION 80/tcp open http Cloudflare http proxy |_http-server-header: cloudflare |_http-title: Did not follow redirect to https://www.securitas.com/ 443/tcp open ssl/http Cloudflare http proxy |_http-title: securitas.com | http-robots.txt: 3 disallowed entries |_/Static/ /controllers/ /helpers/ |_http-server-header: cloudflare | ssl-cert: Subject: commonName=sni.cloudflaressl.com/organizationName=Cloudflare, Inc./stateOrProvinceName=California/countryName=US | Subject Alternative Name: DNS:www.securitas.com, DNS:sni.cloudflaressl.com | Not valid before: 2022-10-14T00:00:00 |_Not valid after: 2023-10-14T23:59:59 8080/tcp open http Cloudflare http proxy |_http-server-header: cloudflare |_http-title: Attention Required! | Cloudflare 8443/tcp open ssl/http Cloudflare http proxy | ssl-cert: Subject: commonName=sni.cloudflaressl.com/organizationName=Cloudflare, Inc./stateOrProvinceName=California/countryName=US | Subject Alternative Name: DNS:www.securitas.com, DNS:sni.cloudflaressl.com | Not valid before: 2022-10-14T00:00:00 |_Not valid after: 2023-10-14T23:59:59 |_http-server-header: cloudflare |_http-title: Attention Required! | Cloudflare Nmap Scan on main domain 4
  • 6. Nikto Scan on main domain - Nikto v2.5.0 --------------------------------------------------------------------------- + Target IP: 104.18.24.154 + Target Hostname: 104.18.24.154 + Target Port: 80 + Start Time: 2023-07-02 12:02:03 (GMT6) --------------------------------------------------------------------------- + Server: cloudflare + /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability- scanner/vulnerabilities/missing-content-type-header/ + All CGI directories 'found', use '-C none' to test none + /cdn-cgi/trace: Retrieved access-control-allow-origin header: *. + /cdn-cgi/trace: Cloudflare trace CGI found, which may leak some system information. + 26662 requests: 0 error(s) and 3 item(s) reported on remote host + End Time: 2023-07-02 12:18:25 (GMT6) (982 seconds) --------------------------------------------------------------------------- 5
  • 7. SkipFish Scan on main domain 6
  • 8. Security Header Scan on main domain and subdomain 7
  • 9. 8
  • 10. 9
  • 11. Burpsuite Scan on main domain and subdomain Using burpsuite i find few responsive vulnerabilities here we find two high risk vulnerabilities the are sql injection and client side desync on different sub-domian. I also find two meduim risk vulnerabilities 3/4 sub- domain different directory they are HTTP request sumggeling and TSL certificate problem . The table below shows the numbers of issues identified in different categories. Issues are classified according to severity as High, Medium, Low or Information. This reflects the likely impact of each issue for a typical organization. Issues are also classified according to confidence as Certain, Firm or Tentative. This reflects the inherent reliability of the technique that was used to identify the issue. sql injection client side desync on different High Risk HTTP request sumggeling TSL certificate problem . Meduim Risk 1 0
  • 12. 1 1
  • 13. 1 2
  • 16. 1 5
  • 19. In conclusion, the vulnerability testing conducted on https://www.securitas.com/ systems, applications, and networks have identified significant security weaknesses. These vulnerabilities could potentially lead to unauthorized access, data breaches, and service disruptions. It is crucial that https://www.securitas.com immediate action to address the high severity vulnerabilities, as they pose the greatest risk. Additionally, educating employees on secure practices, establishing an incident response plan, and regularly updating security controls are vital steps to ensure ongoing protection against emerging threats. By following these recommendations and maintaining a proactive approach to security, https://www.securitas.com/ can significantly improve its security posture and maintain the trust of its stakeholders. Remember, vulnerability management is an ongoing process, and it is important to regularly reassess and update security measures to stay ahead of potential . 1 8 Conclusion