Find out what vulnerabilities you have before a malicious hacker does.

What is Application Penetration Testing?

When conducted by an ethical hacker, this is a process where a computer and network professional reviews an application to discover potential and current vulnerabilities on a network. This process is labor-intensive and requires deep knowledge and experience in a variety of different tools and a range of exploits.

How is this different from PCI Compliance?

For most retailers, who qualify as 'Level 4' merchants (fewer than 20,000 Visa transactions per year), PCI Compliance utilizes sophisticated and well-established automated tools to discover and report potential vulnerabilities. However, there are limitations to automated tests, and a web application penetration test is designed to more thoroughly analyze an application than can be accomplished through automated tests.

What is an Ethical Hacker?

An Ethical Hacker goes through extensive training to learn a variety of skills and tools to mimic how an accomplished malicious hacker may gain access to your system.
The ethical hacker works for the site owner, instead of against them.

What do you test for?

We test for a variety of vulnerabilities. These include but are not limited to:
- Input Validation
- Buffer Overflow
- Cross Site Scripting
- URL Manipulation
- SQL Injection
- Cookie Modification
- Bypassing Authentication
- Code Execution

How do you conduct Application Penetration Testing?

We discuss the unique requirements and concerns with each customer, and base our tests and procedures on this. However, a typical process involves the following:

- Identification of Ports
  Ports are scanned and the associated services running are identified.
- Software Services Analyzed
  After the identification of the services is completed, both automated and manual testing are conducted to discover weaknesses.
- Verification of Vulnerabilities
  To help verify the vulnerability is real, we may decide to exploit the weakness to help remediate the issue.
- Remediation of Vulnerabilities
  We will work with you to resolve the vulnerabilities, and will re-test to ensure they have been addressed.

In addition to the above, a variety of different tactics are employed to determine if there are any SQL Injection vulnerabilities.

Sounds great, how do I get started?

The first step is to contact us so we can better understand your situation and what you are looking for.