Our Application Vulnerability Testing methodology is inspired from the SANS’ 4 stage- Reconnaissance, Mapping, Discovery (Vulnerability Assessment) and Exploitation (Penetration Testing) methodology.
The first step in a Vulnerability Assessment and/or Penetration Test, it’s also the most important process. In this phase, the testing team shall perform active and passive reconnaissance of the target system
During the Mapping phase, we identify all the publicly available services running in the target system. In case of a Web Application Penetration Test, we discover all the pages, files, and directories present in the web application environment.
Discovery – a critical phase of the Penetration Test, starts with the testing team identifying all possible vulnerabilities in the target system. Here, we utilize automated and manual discovery processes to identify the most deep-seated vulnerabilities – the result of:
During web application Penetration Tests, we also perform Business Logic Security Testing, which identifies business logic flaws (not identifiable by any tool or automated vulnerability scanning).
During Exploitation, the testing team launches exploits against the target system based on the vulnerabilities discovered in Discovery. Our exploitation techniques are predominantly manual, with a healthy combination of automated exploit tools at our disposal.
Aim of the Green Method proof-of-concept exploits –
Every report must have the following inclusions: