Web Application Penetration Testing
Our web application penetration tests are tailored to the scope that is agreed upon before the audit begins. We use the same methods and tools that are used by real attackers, and by doing so we identify any entry points that can be used to compromise the web application. As opposed to a vulnerability scan, all testing is done manually to ensure that the audit is as thorough as possible.
This audit will allow you to:
Know whether your web application is at risk from an external attack
Identify and mitigate vulnerabilities that can be exploited by an attacker
Understand how an attacker works
Obtain realistic, fact-based findings and recommendations
The manual testing is done by intercepting and manipulating all the HTTP requests between the client browser and the web application server using proxy software such as Burp Suite or ZAP.
This software allows us to visualize all data and parameters that are used by the application, and the manipulation of these elements shows the presence of vulnerabilities.
The audit follows the methodology outlined by the OWASP project, and the priority is to identify the presence of the most common and impactful vulnerabilities, which are described in the OWASP Top Ten project.
The testing is separated into two phases:
During the first phase, the auditor tries to understand the application logic and scope by browsing the audited application. Tools such as an HTTP proxy are used to get as much information as possible without actively attacking the application. At the end of this phase, the tester should understand the entry points that can be used to attack the application (forms, URL parameters, cookies, HTTP headers, etc.).
Using the information gathered during the previous phase, all of the identified entry points are tested for vulnerabilities. At this point the tester has a good idea of the workings of the web application and the underlying technologies (database management systems, web server, programming language, software versions, etc.), which indicates the tests that need to be done.
Once the testing is complete, all identified vulnerabilities are put in the final report as detailed notices. These notices describe the vulnerability, the potential impact associated with it, and the recommendation to mitigate it.
Network Penetration Testing
The network penetration test aims to assess the security level of a corporate network or domain. Once given access to the corporate network, the tester will attempt to elevate their privileges on the domain until domain administrator rights are obtained.
This audit will allow you to:
Evaluate the level of security of your corporate network
Identify weak points / vulnerabilities present on the network
Gain experience in stopping a real-life attack
Show how impactful a real attack on your network can be
Once the auditors are given access to the corporate network, they begin gathering information such as network structure, OS versions, VLANs and any other information that can be used to identify vulnerabilities.
The testing is separated into several phases:
Reconnaissance is the act of gathering preliminary data or intelligence on your target. The data is gathered in order to organize the following phases of the audit. Reconnaissance can be performed actively (meaning that you are interacting with the target) or passively (meaning that your recon is being performed through an intermediary).
The scanning phase requires the application of tools and software to gather further intelligence on your target, more specifically the systems and network equipment that are present in the network infrastructure.
Gaining access requires taking control of one or more network devices in order to either extract data from the target, or to use that device to then launch attacks on other targets.
Using information and rights gained during the previous phases, the testers should have compromised one or more servers, which they can search for additional credentials and use to gain additional rights on the domain. This elevation continues until domain administrator privileges are obtained and the testing is finished.
The final phase of the audit is to remove all traces and files that were created during the audit. This ensures that no additional security problems are caused by the audit, and that the network is left in exactly the same state it was in before.
After the testing is complete, as with the Web Application Penetration Test, all identified vulnerabilities are put into the final report as detailed notices. As well as these notices, there is also a detailed account of the timeline of the audit. This shows what vulnerabilities were used to compromise the network. Each vulnerability comes with a recommendation to mitigate it.
A configuration audit complements a penetration test by testing the compliance of the audited servers with security best-practice guidelines. Tests include checking that software is up to date, the presence of dangerous binaries, SSH configuration, dangerous registry settings, OS versions, and many more.
The notices that are made during a configuration test are generally less critical than those made during a penetration test, but allow very thorough hardening of the audited servers and equipment.
The audit is done by generating a script tailored to the OS of the audited server, which must be run with an administrator account. The script makes a dump of the server configuration, which is stored in an archive that must be sent back to the auditor.
Once the archive is received, the configuration dump is analyzed and all differences between the configuration and the latest security guidelines are made into notices in the final report. These notices take into account the potential impact associated with the notice and the probability that it could be exploited by an attacker.