The test involves attempting a real attack on the organization's web infrastructure in order to assess how vulnerable the web server is to intrusion and to verify that the server configuration complies with good IT security practices.
Scope of work:
- Scanning for vulnerabilities with professional software
- Verifying the web server configuration: returned headers, technologies in use along with their versions, available directories
- Scanning the portal to detect management panels
- Attempting to enumerate and break the security of user accounts
- Verifying the SSL/TLS security level for data transmitted via the SSL protocol
- Checking threats to the availability, confidentiality and integrity of processed information
- Checking for the highest-risk vulnerabilities on the Open Web Application Security Project (OWASP) list
Execution method:
- An external test of one IP address / one web application
- A short summary report in Polish, with attachments containing the output of the tools used, in English
Benefits:
- Reliable and objective information on the current security status of the web server
- A ready set of recommendations for eliminating threats together with a recommendation for implementation
- Effective spending of budgetary funds by directing investments to areas that really require improvement and reducing security management costs through effective, proactive identification and assessment of threats
- Enhancing the accuracy of business decisions through a precise understanding of the organization’s security status
- Minimizing the risk of reputational damage caused by information leaks and potential legal consequences
Additional information:
- The actions carried out will be documented together with a recommendation of the required actions