Vulnerability Assessment
Update: April 2021
As part of the digital security service, each business is entitled to 1 vulnerability test per month for its website or app.
The test is applied to 1 URL where the website or app is hosted. It finds the most superficial and typical breaches that a hacker would find when attacking a site or app.
The tools on which the security team relies for these tests are as follows:
- Burp Suite
- Nessus
- Acunetix

These tools help us to:
- Manage records to track the vulnerabilities found in the site/app.
- Automatically update plugins so that the vulnerability and malware database stays current.
- Scan with advanced crawling algorithms that simulate how a human gets past obstacles during penetration.
- Handle dynamic content and analyze, even over an unstable internet connection, different types of APIs and most web applications, including single-page applications built with HTML5 and JavaScript elements.
- Use a hybrid technology designed to minimize false positives and maximize coverage. In particular, OAST (out-of-band application security testing) produces a very low false positive rate while widening the range of vulnerabilities it can detect.
- Use location fingerprinting technology to avoid bottlenecks and therefore dramatically reduce the number of requests made during a scan.
- Identify interactions between the target and external servers, which makes it possible to find bugs that are invisible to conventional scanners, including asynchronous SQL injection and blind SSRF.
- Detect vulnerabilities including SQL injection, XSS, configuration errors, weak passwords, exposed databases and out-of-band vulnerabilities such as:
  - Blind XML/SOAP injection
  - Blind XSS (delayed XSS)
  - Host header attack
  - Out-of-band remote code execution (OOB RCE)
  - Out-of-band SQL injection (OOB SQL)
  - Email header injection
  - Server-side request forgery (SSRF)
  - XML external entity injection (XXE)
  - Out-of-band command injection
  - Out-of-band XXE

When vulnerabilities are found, a monthly report is prepared with recommendations for mitigating as many of the breaches found as possible.
For any questions, please contact us at somos@unitti.com or schedule a meeting.