Unauthorized access to enterprise resources through known and unknown security vulnerabilities is a serious security threat.
When cybercriminals break in, businesses face loss of customer data, loss of customer trust, loss of customers to competitors, business interruption, and legal penalties. The damage will be huge.
Cybersecurity Ventures predicts that by 2021, the world will lose 6 trillion USD due to cybercrime.
Gdata experts will maintain and set up separate penetration tests for each business quarter.
Therefore, Gdata’s application maintenance service will evaluate the security of software, server systems, workstations, and network devices by simulating attacks from malicious sources.
| APPLICATION MAINTENANCE STEPS | | |
|---|---|---|
| 1 | Information collection and survey | – Analyze web spiders, robots and crawlers – Use search engines – Identify application entry points – Identify Web Servers – Scan application information – Analyze error pages |
| 2 | Check configuration | – SSL/TLS protocol testing – Database probing – Web server configuration testing – Web application configuration testing – Analyze how the application handles file names – Find old, cached, and unreferenced files – Admin interface testing – HTTP and XST method testing |
| 3 | Check the authentication section | – Test secure communication channel – Check user enumeration – Find default or easy-to-guess accounts – Brute Force attack – Try to bypass authentication – Test CAPTCHA – Attack “remember password” and password reset mechanisms – Test logout mechanism and browser cache management – Test multi-factor authentication – Test race conditions (critical sections) |
| 4 | Check session management | – Analyze session management mechanism – Check cookie attributes – Check Session Fixation errors – Check session variable protection – Check CSRF errors |
| 5 | Check the authorization process | – Path traversal check – Authorization bypass check – Privilege escalation check |
| 6 | Check data input validation | – Check Reflected XSS – Check Stored XSS – Check DOM XSS – Check Cross Site Flashing – Check SQL Injection – Check ORM Injection – Check LDAP Injection – Check XML Injection – Check SSI Injection – Check XPath Injection – Check IMAP/SMTP Injection – Check Code Injection – Check OS Commanding – Check Buffer overflow – Check for potential vulnerabilities – Check HTTP Splitting/Smuggling |
| 7 | Web Services Review | – Collect WSDL (Web Services Description Language) information – Test WSDL (Web Services Description Language) – Test XML architecture – Test XML content – Test HTTP GET parameters/ REST – Test SOAP – Replay Testing |
| 8 | AJAX Review | – Produce a report on vulnerabilities found during the assessment and testing of the system/application – Perform a re-assessment after patching the bugs/vulnerabilities found during the assessment |
Gdata holds OSCP, CEH, and CHFI certificates demonstrating its implementation capability, as well as internationally recognized CVE vulnerability identifiers.
For more information about the service, please contact:
Service Consulting: 0966 583 085 – Hotline: 1800 4814 – Email: lienhe@gdata.com.vn





