Website penetration test
All software and applications screened, including links and databases
As ethical hackers - the Robin Hoods of the cybersecurity world - we screen your software with laser focus using our state-of-the-art detection techniques.
Our website penetration test
We look into every nook and cranny of your digital environment, which is why we deploy a wide range of testing procedures, including:
- recognised testing standards such as OWASP, OSSTM, CEH/LPT and WASC-TC
- the most professional and best commercial scan engines available on the market, such as Qualys, NetSparker, Acunetix, Tenable and Burp Suite Professional
- Open Source software in, such as Kali, OpenVAS, WebSecurify, Arachni and Nmap
In addition, our Ethical Hackers always test creatively and out-of-the-box, adding plenty of flexibility to the standard procedure in order to achieve a solid end result.
Testing is carried out following three different approaches:
- Black box: the tester has minimal prior knowledge of the systems under test.
- Grey box: the tester has some prior knowledge such as a login account with minimal privileges.
- White box: the tester has full knowledge of the systems under test and often has access to the source code for a code review.
What is our approach?
In a web application scan, our Ethical Hackers scan all your software and applications with laser focus. So, they do not perform one generic scan, but perform a thorough and specific ‘search & destroy’. Together, these in-depth, separate scans provide a detailed insight into the security status of the online services offered.
In a web application scan, we perform the following analyses:
– Advanced vulnerability analysis at various levels within the application such as infrastructure, web server, middleware and application
– Full intelligent scan of all possible services, non-ported and unrestricted where all known vulnerabilities are examined (i.e., not only the most common ones).
– Manual tests and checks for vulnerabilities and configuration errors of offered services.
– Comprehensive tests for proper authorisation segregation of roles within the application.
– Realistic customised scans and audit methodologies, so no standard scans!
– Advanced and deep database exploit tests (SQL injection/cross-site scripting, etc.).
– Clear exposition of the real-life risk of the application(s).
The 5 phases of our analyses
-
Phase 1
We first dive into the infrastructure and services offered and perform a basic public resource search (OSINT). We will passively encode the website and domain and check the web server configuration. We then proceed to perform various port scans and check the SSL/TLS configuration and DNS (SEC). At this stage, all tests are performed using the black box approach and we do not touch the application yet.
-
Phase 2
Next comes the black box assessment of the application, i.e., without the use of accounts. We will analyse the implementation of security headers, look for vulnerabilities in frameworks used, such as Angular and React, and look at sensitive data exposure. Among other things, we will check whether brute force protection is present.
-
Phase 3
Let's take the gloves off! We continue in the grey box phase, where we test the application's authentication and session handling. In this phase, we also test the presence of multifactor authentication and the possibilities of bypassing it. Finally, we scrutinise password reset functions, cookies and authentication tokens.
-
Phase 4
We look for vulnerabilities in the application. Among other things, we test for cross-site scripting (XSS) and SQL Injection. We apply various testing methodologies, including the OWASP Top 10.
-
Phase 5
As in the previous phase, we will proceed manually to address the authorisation separation within the application. To test this properly, it is important that we get access to two test accounts. Optionally, we can also check the e-mail setup. We will then check, among other things, if the domain, mail servers and e-mails have all the authenticity features.
Understanding guarantee
There is nothing more dangerous than a report that is misinterpreted or half-implemented. That is why we guarantee that every IT or security officer in your organisation understands the report 100%. So that you are able to take exactly the right actions quickly and adequately.