All testing performed follows the OWASP v4 guidelines and checklist.
The following tools are commonly used during our web application assessments:
• Burp Suite Pro
• Nessus Vulnerability Scanner
• DirBuster / Dirb / Dirsearch
• Qualys SSL Scanner
• BuiltWith / WhatWeb
• Manual Review
All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, the OWASP Testing Guide (v4), and customized testing frameworks.
• Planning – Customer goals are gathered and rules of engagement obtained.
• Discovery – Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.
• Attack – Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.
• Reporting – Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.