
Vulnerability Assessment

Update: April 2021

As part of the digital security service, businesses are entitled to one vulnerability test per month on their website or app.

The test is applied to one URL at which the website or app is hosted. It uncovers the most superficial and common vulnerabilities an attacker would find when attacking the site or app; it is not a full manual penetration test.

The tools on which the security team relies for these tests are the following:

Burp Suite

Nessus

Acunetix

These tools help us to:

  • Keep a record of every vulnerability found in the site/app so that each finding can be tracked through to remediation.

  • Automatically update plugins so that the vulnerability and malware databases stay current.

  • Scan with advanced crawling algorithms that navigate the application the way a human user would, working around the obstacles that trip up a simple crawler.

  • Handle dynamic content and different types of APIs, keep scanning over an unstable internet connection, and cover most web applications, including single-page applications built with HTML5 and JavaScript.

  • Use a hybrid scanning technology designed to minimise false positives and maximise coverage. In particular, out-of-band application security testing (OAST) produces a very low false-positive rate while widening the range of vulnerability types that can be detected.

  • Use location fingerprinting to avoid crawling the same content repeatedly, which dramatically reduces the number of requests the scanner has to send.

  • Identify interactions between the target and external servers, which reveals bugs that are invisible to conventional response-based scanners, including asynchronous SQL injection and blind SSRF.

  • Detect vulnerabilities including SQL injection, XSS, misconfigurations, weak passwords, exposed databases and out-of-band vulnerabilities such as:

  • Blind XML/SOAP injection

  • Blind XSS (delayed XSS)

  • Host header attacks

  • Out-of-band remote code execution (OOB RCE)

  • Out-of-band SQL injection (OOB SQLi)

  • Email header injection

  • Server-side request forgery (SSRF)

  • XML external entity injection (XXE), including out-of-band XXE

  • Out-of-band command injection
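As an added illustration of why out-of-band detection catches bugs that response-based scanning misses (this is example code written for this page, not code from the original page nor from Burp Suite, Acunetix or Nessus), the script below simulates an OAST correlation loop. A collector issues a unique callback hostname for each payload; two mock endpoints (constructed here, one SSRF-vulnerable and one safe) return byte-identical responses, so nothing in-band distinguishes them; only the vulnerable one triggers a callback, and correlating the callback token back to the payload that carried it yields the finding. The callback domain oast.example, the token format, and both endpoints are assumptions made for the example.

```python
"""Out-of-band (OAST) correlation for blind SSRF detection.

Added example; not code from the original page or from Burp Suite, Acunetix
or Nessus. The callback domain, the token scheme and the two mock endpoints
are constructed for illustration only.
"""
import re
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical domain whose DNS/HTTP traffic the tester can observe (constructed).
CALLBACK_DOMAIN = "oast.example"
TOKEN_RE = re.compile(rf"^([0-9a-f]{{16}})\.{re.escape(CALLBACK_DOMAIN)}$")


@dataclass
class OastCollector:
    """Issues a unique callback host per payload and records interactions with it.

    In practice this is a DNS/HTTP listener polled after the scan; here the mock
    targets call record_interaction() directly to stand in for a DNS lookup.
    """
    pending: dict = field(default_factory=dict)       # token -> payload context
    interactions: dict = field(default_factory=dict)  # token -> sources seen

    def new_payload(self, context: str) -> str:
        """Return a URL carrying a fresh token tied to `context` (endpoint:param)."""
        token = secrets.token_hex(8)                  # 16 lowercase hex chars
        self.pending[token] = context
        return f"http://{token}.{CALLBACK_DOMAIN}/"

    def record_interaction(self, hostname: str, source: str) -> bool:
        """Accept a callback only if its token matches a payload we issued."""
        m = TOKEN_RE.match(hostname.lower())
        if not m or m.group(1) not in self.pending:
            return False                              # stray or forged traffic
        self.interactions.setdefault(m.group(1), []).append(source)
        return True

    def findings(self) -> list:
        """Contexts whose payload caused at least one out-of-band interaction."""
        return sorted(self.pending[t] for t in self.interactions)


def make_targets(collector: OastCollector) -> dict:
    """Two constructed endpoints with byte-identical responses."""
    def vulnerable_preview(params: dict):
        # Fetches the user-supplied URL server-side (blind SSRF) but never
        # reflects the result, so the HTTP response gives the scanner nothing.
        host = urlparse(params.get("url", "")).hostname or ""
        collector.record_interaction(host, "vulnerable_preview")  # simulated DNS lookup
        return 200, "Preview queued"

    def safe_preview(params: dict):
        # Ignores the URL entirely; same response as the vulnerable endpoint.
        return 200, "Preview queued"

    return {"vulnerable_preview": vulnerable_preview, "safe_preview": safe_preview}


def scan(targets: dict, collector: OastCollector, param: str = "url") -> dict:
    """Send one tokenised payload per endpoint and collect the in-band responses."""
    responses = {}
    for name, handler in targets.items():
        payload = collector.new_payload(f"{name}:{param}")
        responses[name] = handler({param: payload})
    return responses


def run_demo():
    """Scan both mock endpoints; return the in-band responses and the collector."""
    collector = OastCollector()
    responses = scan(make_targets(collector), collector)
    return responses, collector


if __name__ == "__main__":
    responses, collector = run_demo()
    print("in-band responses:", responses)          # identical for both endpoints
    print("out-of-band findings:", collector.findings())
```

In a real engagement the collector is a DNS/HTTP listener that is polled again some time after the scan, because callbacks from asynchronous sinks (queued jobs, outgoing mail, deferred database work) can arrive minutes later. A callback is only counted when its token matches a payload that was actually issued, so stray or attacker-generated traffic to the listener is not reported as a finding.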

When vulnerabilities are found, a monthly report is prepared with recommendations for mitigating as many of the findings as possible.

For any questions please contact us at somos@unitti.com or schedule a meeting.
