Gtron Solutions

Website Security Assessment


While we customize each website risk assessment to meet the needs of the individual client, we offer essentially three kinds of website assessment: premium, basic, and online. Below is what each assessment includes.

 

Basic & Web Auditor Plus Checks
» Web Engine
Cross-site Script Injection
File Upload
Interesting Files
Interesting Logs
Misconfiguration
Default Files
Information Disclosure
Injection (XSS/Script/HTML)
Remote File Retrieval - Inside Web Root
Remote File Retrieval - Server Wide
Denial of Service
Command Execution
Remote Shell
SQL Injection
Authentication Bypass
Software Identification
• Generic (Don't rely on banner)
Premium Website Security Assessment
» Web Engine
Web Spider
» Custom Design Errors
Cross-site Script Injection
Database Tampering - SQL Injection, including:
• Direct mode
• Blind mode
Buffer & Integer Overflow attack
Format String attack
File & Directories Tampering, including:
• Backup Files Discovery
• Configuration Files Discovery
• Password Files Discovery
• Information Leakage Discovery
Parameter Tampering, including:
• Special Parameter Addition attacks
• Boolean Parameter Tampering attacks
• Hidden Parameter Discovery
• Parameter Deletion attacks
• Remote Execution attacks
• File & Directory traversal attacks
• Header Splitting & CRLF Injection attacks
• Remote File Include PHP-based attacks
Check for Suspicious Values in Web Form Hidden Fields
Custom Signature Check (via Signature Editor)
» Web Server Exposure
Web Server Infrastructure Analysis, including:
• Web Server & Platform version vulnerabilities
• SSL encryption and X.509 certificate vulnerabilities
• HTTP Method Discovery
• HTTP Fingerprint, including:
  • Web Server Fingerprint
  • Web Server technology Discovery
• Directory Brute-Force
• HTTP Protocol vulnerabilities
» Web Signature Attacks
Web Attack Signatures, including:
• IIS CGI Decode Test
• IIS Extended Unicode Test
• IIS File Parsing Test
• FrontPage Security Test
• Lotus Domino Security Test
• General CGI Security Test
• HTTP Devices Security Test (routers, switches)
• Windows-based CGI Security Test
• PHP Web Application Security Test
• ASP Web Application Security Test
• J2EE Web Application Security Test
• ColdFusion Web Application Security Test
Attack templates such as:
• Complete, SANS/FBI Top10, Top20
» Confidentiality Exposure Checks
Look for web form vulnerabilities, including:
• Password cache feature
• Insecure method for sending data
• Lack of Encryption for sensitive data
• Insecure location to send data (leakage)
Information Leakage, including:
• Find directory listing
• Find available objects to download
• Find meta-tag leakage
• Find sensitive keywords in comments and scripts
Compliance analysis, including:
• Find Copyright statements
• Find content rating statements
• Find custom content on web pages and forms
» Cookie Exposure Checks
Cookie Security Analysis, including:
• Find weakness in cookie information
• Find cookies sent without encryption
• Find information leakage in cookie information
• Find cookies vulnerable to malicious client-side script
» File & Directory Exposure Checks
Search for backup files
Search for information leakage files
Search for configuration files
Search for password files
 
© 2008 GTron Solutions, LLC. All Rights Reserved.