- Views 17
What you get with this Hourlie
You will receive a detailed report, including:
• technical details of potential vulnerabilities,
• non-technical explanations on their potential impact and
• hands-on mitigation strategies to efficiently solve the issues.
The security assessment will check for the top 10 most critical web application security risks according to the Open Web Application Security Project (OWASP). Specifically, your application will be tested (amongst others) against:
• injection flaws (SQL, CRLF, OS command, LDAP, expression language, XPath, etc.),
• broken authentication (URL rewriting, session fixation, weak authentication),
• sensitive data exposure (username exposure, backup file exposure, etc.),
• XML entity attacks (XXE),
• broken access control,
• cross-site scripting (reflected XSS, persistent XSS, DOM-based XSS) and
• weak server-side security.
For a rapid penetration test at a reduced rate, please see my other hourlie (https://bit.ly/2HhbudE).
What the Seller needs to start the work
For a successful assessment the following things are required:
1) The complete URL (including potential sub-paths) to the application under test.
2) A proof of you being the owner of the URL to be tested.
3) An authorization, reflecting that you authorized and assigned me to perform the pen-test on the target.
4) Disabling of any Web Application Firewall running in front of the respective web application is recommended. If the WAF stays enabled, effectively the security of the WAF and _not_ of your web application is tested.
5) Please provide a non-production environment of your web application, as a full-blown penetration system on a live system is highly unrecommended as it can induce increased latency or potential downtimes. In case no test environment can be provided only a subset of the checks can be performed.