Penetration Testing

Pentesting Methods & Methodology

Bysecuadmin 18 April 202014 February 2021

Secure Code Review
Vulnerability Assessment
Penetration Testing
Secure Code Review

Pure Play White box Security testing
Manual Source code review with automated code scanning using Industry recognized tools
Finds vulnerabilities earlier in the SDLC
Less expensive to fix security vulnerabilities
Covers the latest technologies/programming languages used by developers

Vulnerability Assessment

Pure Play Black Box Security testing
Manual review of vulnerabilities & scan results
Finds vulnerabilities before going to live
Can discover run-time and environment-related issues
Eliminate potential False Positives

Penetration Testing

Mix of Black & White Box Security testing
In-depth manual pentesting using the latest techniques and resources
Involves the target application and the environment around it
Unleash/Uncover potential vulnerabilities among the applications

Penetration Testing

What are XXE(XML External Entity) Attacks?

What is XXE? XXE stands for XML EXTERNAL ENTITY. Before learning about XXE let’s dive in to know about how the HTML document types are defined and what is DTD. What is DTD? DTD is nothing but the abbreviated form of Document Type Definition which defines the structure and the attributes of an XML document….

Mobile Hacking

Best Open Source Mobile Application Security Scanners

Below are some of the best open source mobile application security scanners: OWASP Zed Attack Proxy (ZAP): The OWASP ZAP is one of the world’s most popular mobile app security testing tools that is free to use and is actively maintained by hundreds of volunteers worldwide. OWASP ZAP helps in finding security vulnerabilities automatically in applications during the…

Bug Bounty | Mobile Hacking

Forgot Password Vulnerability leads to Account Takeover

Hello all, recently I have found an “Forgot Password – Account Takeover” vulnerability in one of the famous mobile application (the vulnerability is now fixed). Although, this might not be the new finding or any miracle attack. I just wanted to share this because here I wanted to share how badly the forgot password functionality was…

Penetration Testing

Ruby Based SQL Injection

Hi Readers, I sat to pen down regarding SQL Injection. Being the topmost finding in OWASP’s top 10, the definition and description of SQL Injection and many exercises for hands-on are available online, one being PORT SWIGGGER LABS. I’ve come across SQL injection in a RUBY ON RAILS code which made me share few points regarding…

Penetration Testing

How to Blind SQL Injection?

What is Blind SQL Injection? The word “Blind” here refers to “No error message when suffered by an injection attack”. Thus, it is more difficult to exploit. It returns information, when the application is exploited with SQL payloads that return a ‘true or false’ response from the server. By observing the response, an attacker can…

Penetration Testing

Kubernetes is Here & There

In Present days, container-based microservice architectures have drastically changed the way development and operations teams (DevOps) work, test and deploy applications. Containers help organizations to scale and deploy applications on the fly, but containers have also brought the organizations new additional challenges and complexity. Many businesses are now deploying lots of containers daily as it…

Pentesting Methods & Methodology

What are XXE(XML External Entity) Attacks?

Best Open Source Mobile Application Security Scanners

Forgot Password Vulnerability leads to Account Takeover

Ruby Based SQL Injection

How to Blind SQL Injection?

Kubernetes is Here & There

Contact us

Headquarters, India

Our Services

Similar Posts

Contact us

Headquarters​, India

Our Services

Headquarters, India