Security audit includes:
Stage 0. Collection of information.
The first stage of the audit of any system begins with the collection of the maximum amount of information about the target (OSINT - search, collection, and analysis of information obtained from publicly available sources). Collecting all the information from a single source is almost never possible. Instead, data must be collected from many different places (database, HTML code, news feeds, etc.) to make up a complete picture from pieces of a puzzle. With the right approach, you can identify potential vulnerabilities and outline possible attack vectors for a designated target. This is the most critical stage of the system audit, which often takes up most of the time.
- Search in open sources;
- Collection of basic information;
- Collection of information about the domain and hosting;
- Search Engine Dorks;
- Search for user accounts.
Stage 1. Scanning the system.
Port scanning is the first stage of active reconnaissance and, perhaps, one of the main ones. At this stage, weaknesses in the network are identified, through which penetration into the system will be carried out in the future. In addition, this method allows you to identify active machines running on the target organization's network and the software installed on them, running network services, operating system versions, etc.
- Identification of active hosts;
- UDP scanning;
- Obtaining information from the DNS server;
- Interaction with the DNS server;
- A search of domain names;
- Iteration of reverse records;
- DNS zone transfer;
- Obtaining information using SNMP;
- Getting information using NetBIOS;
- Null session;
- Work with e-mail;
- Banner analysis;
- Receiving information from an NTP server;
- OS definition;
- Identification of used services/framework/CMS;
- Building a network map.
Stage 2. Search for vulnerabilities.
The popularity of web applications is constantly growing. If earlier web pages were only laid out in HTML and were nothing more than a simple documents, now almost any site is a complex software product with many plug-in components. The program code is executed on the server side, and the user is given only the result of his work. Hacking a web application becomes possible for two reasons:
- Check for known vulnerabilities;
- Checking for the use of potentially vulnerable technologies;
- Check for weak system passwords.
- Cross-Site Scripting (XSS);
- Cross-Site Request Forgery (CSRF);
- SQL Injection;
- URL redirection;
- Remote XSL inclusion;
- DOM XSS;
- Blind SQL/X Path Injection;
- Code Execution;
- Input Validation;
- Directory Traversal;
- HTTP Parameter Pollution;
- File Inclusion;
- Script Source Code Disclosure;
- CRLF Injection;
- Cross Frame Scripting (XFS);
- Code Injection;
- XPath Injection;
- Path Disclosure;
- LDAP Injection;
- Cookie Manipulation.
- Search for backup files, logs, and statistics;
- Search for hidden files and directories;
- Check for directory listings;
- Checking for source code disclosure;
- Checking for git directory expansion.
Stage 3. Providing a report.
After all the steps described above have been completed, we will provide you with a report on the completed audit. The report begins with a brief overview of the testing process. Then, if necessary, the technical details of each step are described. The report will also provide lists of found vulnerabilities and their analysis, grouped by their severity: critical, influential, and minor.
- Scenarios and descriptions of all successful attacks;
- Detailed information about the data received during the test;
- Detailed information about all found vulnerabilities;
- Description of all found vulnerabilities;
- Suggestions and technical solutions to fix the found vulnerabilities.