The SecureState Profiling Team is well known and highly regarded as experts in Penetration Testing. Our approach follows industry-accepted testing methodologies such as PTES, NIST 800-115, OWASP and OSSTMM. By following these methodologies, our clients can replicate the testing SecureState has performed in their own environment and accurately mitigate the identified vulnerabilities. The Profiling Team also helps identify strategic “root cause” issues through our Penetration Tests. SecureState's Risk Management Team is uniquely positioned to work closely with the Profiling Team in order to assist clients with mitigating these strategic “root cause” issues.
Phase I – Pre-engagement Interactions:
In this phase, SecureState works with the client to establish the rules of engagement and the scope, and to exchange contact information for both parties. SecureState provides a detailed Project Charter which contains information on scope and everything that will be required to conduct the testing. In addition, the Project Charter is discussed during the kickoff call prior to the beginning of the engagement. Lastly, SecureState requests two sets of credentials for each user role to be tested. For example, SecureState will test the roles of a standard user, as well as an administrator account, during the Grey Box WAS Assessment.
Phase II – Information Gathering:
SecureState identifies application entry points, performs search engine reconnaissance, and analyzes error codes. Additionally, SecureState manually maps the application to collect session information as well as cookies and business logic information.
Phase III – Configuration Management Testing:
In this phase, SecureState tests for HTTP methods, SSL weaknesses, and infrastructure configuration management vulnerabilities.
Phase IV – Authentication Testing:
SecureState performs user enumeration, brute force, and authentication bypass testing.
Phase V – Session Management Testing:
In this phase, SecureState tests for session fixation, examines session variables, and tests for CSRF (Cross-Site Request Forgery).
Phase VI – Authorization Testing:
SecureState tests for path traversal and privilege escalation vulnerabilities, and reviews user roles and permissions.
Phase VII – Business Logic Testing:
SecureState manually looks at ways to bypass the business logic of the application. This can be as simple as parameter manipulation, or modifying the logic of the application via a web proxy.
Phase VIII – Data Validation Testing:
SecureState tests for XSS (Cross-Site Scripting), SQL Injection and other code injection flaws, as well as HTTP Response Splitting.
Phase IX – Other Testing if Applicable:
SecureState will test for specific vulnerabilities in Ajax-heavy applications. Additionally, per client request, Denial of Service testing will be conducted. This type of testing is normally not conducted unless authorized by the client.
Phase X – Reporting:
As part of the deliverable, SecureState provides a report which contains a short, graphical summary aimed at senior management, a narrative body which details major findings, and a detailed findings section aimed at technical staff. SecureState also provides a closing call and a high-level executive presentation to summarize the testing and to provide an opportunity to ask questions about the engagement.