-
7/27/2019 Entersoft Advanced web application penetration testing
1/9
https://entersoft.co.in
Entersoft Information Systems Pvt Ltd
-
7/27/2019 Entersoft Advanced web application penetration testing
2/9
https://entersoft.co.in
is one of the offensive SECURITY AUDITs
is a complex of activities aimed to estimate currentsecurity posture of your application by directlyattacking your application
is != unreal attack activities
is != vulnerabilityassessment
-
7/27/2019 Entersoft Advanced web application penetration testing
3/9
https://entersoft.co.in
Almost equal to real time attack. Realtime assessment
HELPS in
Estimating security posture of your application.
Identifying hackers primary attack vector
Proactively mitigating security risks
Keeping your website LIVE!
-
7/27/2019 Entersoft Advanced web application penetration testing
4/9
https://entersoft.co.in
Finding the entrypointsReconnaissance
Analysis of Errorcodes
Information Gathering
HTTP methods andSSL configurationsanalysis
Infrastructure andserver levelvulnerabilitiesidentification
ConfigurationManagement Testing
Enumerationtechniques and Bruteforcing
Access restrictionstestings
Authentication Testing
-
7/27/2019 Entersoft Advanced web application penetration testing
5/9
https://entersoft.co.in
Session fixation andsession management
vulnerabilities
Session Managementtesting
Path traversal and usermanagement testing
Access and documentcontrol testing
Authorization and accesstesting
AJacking theapplication
Exploiting andcompromisepossibility testings
Data validation testing
-
7/27/2019 Entersoft Advanced web application penetration testing
6/9
https://entersoft.co.in
DOS testingDDOS testing
Web firewalltesting
Web server
Resilience and other testing
PerformingOWASP top 10
AnalyzingOWASP top 10
Identification and Classification[OWASP top 10/WASC]
ClassificationofVulnerabilitiesbased on risksand priority
Reporting
-
7/27/2019 Entersoft Advanced web application penetration testing
7/9https://entersoft.co.in
Reports not to hav e any false positiveso Entersoft promises that its Advanced Web application Penetration
Testing services will provide deliverables or output [PDF/HTMLformatted report] that contains absolutely no false positives
o Entersofts methodology is likely to identify much vulnerability thatgenerally cannot be identified with traditional penetration testingmethods. We use offensive security methodologies. We are Advancedin our tests
No service d isruption o Entersofts Advanced WAPT methodology makes sure your usual
operations are not effected during our penetration testing. We do alot of study before performing a penetration testing
Unusua l testso We provide the following unusual testso DOS and DDOS resilience testingo Zero days an CMS exploits
-
7/27/2019 Entersoft Advanced web application penetration testing
8/9https://entersoft.co.in
Entersofts offensive security experts have enteredhall of fame in the following major technologygiants by continuously submitting Web
application vulnerabilities using our advancedWAPT techniques.
Nokia Maps [XSS] Drop Box [Stored XSS] Uninor [Sensitive information disclosure] Blackberry [XSS] Apptentive [XSS]
-
7/27/2019 Entersoft Advanced web application penetration testing
9/9https://entersoft.co.in
Ph: +91-40 65810005
https://entersoft.co.in/contact