Our Approach and Methodology
The SecureState Profiling Team is well known and highly regarded for its expertise in Penetration Testing. Our approach follows industry-accepted testing methodologies such as PTES, NIST 800-115, OWASP and OSSTMM. Because the testing follows these published methodologies, our clients can accurately replicate the testing SecureState has performed in their own environment and verify that identified vulnerabilities have been mitigated. The SecureState Profiling Team also helps identify strategic “root cause” issues through our Penetration Tests, and our Risk Management Team is uniquely positioned to work closely with the Profiling Team to assist clients in mitigating these strategic “root cause” issues.
Phase I – Pre-engagement Interactions:
In this phase, SecureState works with the client to establish the rules of engagement and the scope, and to exchange contact information for both parties. SecureState provides a detailed Project Charter which documents the scope and everything that will be required to conduct the testing. The Project Charter is discussed during the kickoff call prior to the beginning of the engagement. Lastly, SecureState requests two sets of credentials for each user role to be tested; for example, SecureState will test the roles of a standard user as well as an administrator account during the Grey Box WAS Assessment.
Phase II – Information Gathering:
SecureState identifies application entry points, performs search engine reconnaissance, and analyzes error codes. Additionally, SecureState manually maps the application to collect session information, cookies, and business logic information.
Phase III – Configuration Management Testing:
In this phase, SecureState tests the enabled HTTP methods, SSL weaknesses, and infrastructure configuration management vulnerabilities.
Phase IV – Authentication Testing:
SecureState tests for user enumeration, brute-force weaknesses, and authentication bypass vulnerabilities.
Phase V – Session Management Testing:
In this phase, SecureState tests for session fixation, weaknesses in session variable handling, and CSRF (Cross-Site Request Forgery).
Phase VI – Authorization Testing:
SecureState tests for path traversal, user role and permission flaws, and privilege escalation vulnerabilities.
Phase VII – Business Logic Testing:
SecureState manually examines ways to bypass the business logic of the application. This can be as simple as parameter manipulation, or as involved as modifying the application's logic flow via a web proxy.
Phase VIII – Data Validation Testing:
SecureState tests for XSS (Cross-Site Scripting), SQL Injection, other code injection flaws, and HTTP Response Splitting.
Phase IX – Other Testing if Applicable:
SecureState will test for vulnerabilities specific to Ajax-heavy applications. Additionally, per client request, SecureState will conduct Denial of Service testing; this type of testing is not conducted unless explicitly authorized by the client.
Phase X – Reporting:
As part of the deliverable, SecureState provides a report which contains a short graphical summary aimed at senior management, a narrative body which details the major findings, and a detailed findings section aimed at technical staff. SecureState also provides a closing call and a high-level executive presentation to summarize the testing and to give the client an opportunity to ask questions about the engagement.