Execution
- Web Application Audits: Flash audits based on the top 10 vulnerabilities referenced by OWASP, and ASVS (Application Security Verification Standard) audits.
- Intrusion Test: Attack from the perspective of someone outside the organization (hacker) or an insider. Fingerprinting, vulnerability scanning, and penetration tests (SQL Injection, XSS, Local File Inclusion, Command Injection).
- Technical risk analysis on IF architecture
- Application fuzzing
- Configuration audits
- Audits of application architectures & networks
- Post-mortem analysis of a compromised system
Equipped and secure test platform
- Secure test room
- Application access via VPN
- w3af, Dradis, Metasploit, Burp Proxy
Results
Traceability, coverage and test progress
- Short summary for decision makers
- Detailed synthesis for developers
- Presentation of test results
- Demonstration of detected faults