To properly crawl an application, no matter what web technology it is written in, we need the right technology.
The engines we use for deep scanning a web application fully replicate user interaction inside a browser by executing and analysing all of its JavaScript.
We also crawl inside complex web technologies such as AJAX, SOAP/WSDL, SOAP/WCF, Java frameworks, WADL, XML, AngularJS, EmberJS, JSON, Google Web Toolkit, CRUD and Ruby on Rails.
Code and SQL Injection
SQL Injection is an old but still very widespread attack technique: it allows attackers to modify SQL queries in order to gain access to data. Cross-Site Scripting attacks allow attackers to execute malicious scripts inside visitors’ browsers, possibly leading to the impersonation of those users.
We check in-depth for SQL Injection, Cross-Site Scripting (XSS) Vulnerabilities, Out-of-band SQL Injection and DOM-based XSS.
WordPress vulnerabilities
WordPress websites are scanned for more than 1000 known vulnerabilities in WordPress’ core components, plugins and themes.
Authenticated Web Applications test
Testing the authenticated areas of your web applications is absolutely crucial. Providing user credentials created for testing purposes ensures full testing coverage. The login sequence tool records all the necessary actions so that the scan can be replayed later, if required.
What happens after the first test
Assuming that after the first scan the customer fixes the application to ensure proper security, what happens next? It depends on the application itself:
- custom-designed web applications may be modified to implement new features; if a human error occurs in programming, this can lead to serious vulnerabilities
- standard applications like WordPress, SharePoint, etc. are continuously updated to fix newly discovered vulnerabilities; known vulnerabilities are also known to attackers, who run thousands of automated attack systems worldwide
- the same happens to the underlying operating systems and databases, which are updated by vendors and development communities to fix vulnerabilities; serious vulnerabilities can remain if these patches are not applied
We suggest applying for Optanex scheduled scanning: at every defined interval a deep scan is executed and reports are sent with the application's security status.
What you will get
After 24 to 48 hours of work time, you’ll receive a summary report and a detailed report for each website you have applied for.
Information you will find in the reports
- summary reports are brief, non-technical documents, very useful for involving non-IT C-level executives in discussions
- detailed reports are comprehensive, technical documents with all the details regarding any vulnerabilities found; for every vulnerability, the reports specify the components involved (libraries, scripts, certificates, methods, etc.) and the possible remediations to fix it. Detailed reports can run to 100 pages, depending on the complexity of the application.
All reports will be sent only to the technical email address you have specified.
Ask for a quote
Apply for an Optanex website vulnerability assessment by filling in the form below; as soon as we receive your request, we’ll let you know whether testing is feasible.
If it is feasible, you’ll receive the quote within a few hours, and if you decide to proceed, our technical staff will start the testing. Note that pricing includes up to three website tests.