Also called Blackbox testing where the idea is to test the website or application exactly as would do it a malicious user.
Using a combination of automatic and manual tools we can ensure maximum coverage and provide precise information on what things need to solved for maximum security.
This is an interesting option when you can not provide access to the source code for various reasons (property rights, company policies, etc.). Obviously, the best results are achieved in a combination of this method and source code review.
Vulnerability assessments of web, desktop and mobile applications
The field of information security is large and complex and each area of work requires a lot of experience and a great effort to keep up with changes and technological advances.
In Arduino Security we are totally focused on application and infrastructure security and our efforts are related to the techniques and technologies involved in the safest possible development process.
We perform Penetration Tests application services to examine the risks and vulnerabilities in the applications of your company. Our services include a full report on the identified vulnerabilities, the risk level of the each one and the most appropriate remediation plan.
Our work style blends the best of both worlds, we use the most sophisticated automated tools, but also invest all the necessary time in manual and handicraft review of all possible security holes that can not be detected by automated tools.
We focus our work on the detection of areas of your architecture, such as web servers, programming frameworks, web applications firewalls, programming languages, databases and others and go beyond the OWASP Top Ten Vulnerabilities.
For each vulnerability detected, we exploit it and show the associated risks.
The most common vulnerabilities according to OWASP ranking are:
- SQL Injection
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Redirects and Forwards unvalidated
Our reports include Vulnerabilities Identification, Impact Assessment, References, Exploit Tests, Remediation Plans and Executive Summary, as shown in the following examples:
After performed the pentest (aka Penetration Test) we can help your Development Team in the implementation of the recommendations and the adoption of secure development practices.
We work in both languages, Spanish and English.