Every business today is reliant upon computerized systems. Without these systems a business simply could not operate efficiently or competitively. Businesses exchange confidential information (data) with customers every day. This confidential data (credit card numbers, personally identifiable information (PII), or intellectual property) needs to be protected.
A highly effective way to prevent cyber pilfering and other malicious behavior is to test for and close the computer vulnerabilities present in your systems today. The only way to know is to test with a technique commonly referred to as Penetration Testing.
Integris Security's Penetration Testing Services, which simulate a malicious attack, will discover and report accordingly on your business's individual and unique vulnerabilities. Our team consists of leading industry experts in the field of vulnerability discovery, risk and exploitation.
Integris Security performs the following types of tests:
Input validation refers to an application's or operating system's capability to filter, or sanitize, untrustworthy input sources. Weak input validation can lead to Cross Site Scripting (XSS), SQL Injection (SQLi) and other vulnerabilities. This type of vulnerability can result in a complete compromise of a computer system, causing loss of sensitive business information and exposure of client information and account security.
Insecure configurations are weaknesses in the implementation and configuration of a computer network, networked service, application framework and more. Insecure configurations can lead to complete compromise of a computer system and typically require little difficulty to exploit.
Enumeration weaknesses traditionally expose sensitive information about an application or the data it has access to. This information can include details about the types of technologies being used, validity of account information and other sensitive information that can be used in conjunction with other attacks.
Account and Password Policies
Account and password policies will be tested to ensure that industry standards are being enforced. These tests will check for minimum password complexity requirements, transport and storage of passwords, account lockouts and other industry standards.
Encryption mechanisms will be tested to ensure that sensitive information is handled in line with transport and storage security standards and best practices.
Session management security will be tested to ensure that the application properly uses session management mechanisms and is able to prevent session hijacking and other malicious behavior that would expose sensitive account information.
Access Controls and Privilege Escalation
Access to sensitive information will be tested across different roles and users. These tests will determine if a user can gain access to information not intended for them.
Outdated and Vulnerable Software
Identified outdated software likely contains multiple types of vulnerabilities including Input Validation, Buffer Overflow/Overrun, Publicly Known Vulnerabilities and Unknown Vulnerabilities. Outdated software is a common cause of a perimeter network breach which can lead to complete compromise of an operating environment.
Web-enabled services, including JSON, SOAP, AJAX, XML-RPC and others, are reviewed and tested for authentication, input validation, encryption strength and all other classes of application vulnerabilities.