This assessment involves the enumeration of vulnerabilities and risks that are accessible from the Internet – the “hacker’s perspective” – and includes expert manual validation and penetration testing. SJULTRA starts by using a cross section of best-of-breed scanning tools to harvest vulnerability data. Our experts then validate all results to eliminate false positives and uncover any other vulnerabilities that may have initially escaped detection. To the extent possible (without damaging systems or data), identified vulnerabilities are exploited to assess their real severity, the level of exposure they may allow, and the potential impact of a breach.
Targets of this assessment include servers, applications (without credentials – see note), firewalls, routers, load balancers, VPNs, and any other perimeter or Internet-facing information assets. Protection measures are evaluated in terms of their ability to maintain the confidentiality, integrity and availability of networks, systems, applications, and data. As part of the PSA, penetration testing (without credentials) is performed on critical applications.
The types of security issues identified during the PSA include SQL injection, URL injection, cross-site request forgery (CSRF), directory traversal, authentication vulnerabilities, AJAX vulnerabilities, insecure direct object references, security misconfigurations, sensitive data exposure, missing function-level access controls, buffer overflows, missing patches, vulnerable versions, insecure credentials, and many others. Goals for the exercise include unauthorized access and privilege escalation, as well as an analysis of availability (DoS) risks.
Note: For in-depth, credentialed and non-credentialed testing of applications see our Application Security Assessment – AppSA.