Pages

This website has been examined by Wolf Technologies
Website examined on:
20 May 2012

Tests

Here are just a few examples of the test that we could potentially do on your systems

Abrupt session termination :

A Hacker can reroute session identifiers and obtain access to an account, after the victim “thinks” he has disconnected. A hacker can obtain the session IDs from various cookies hidden on a shared computer, or by web pages containing hidden fields, or by the network (tracing or sniffing the wire), etc

Privilege escalation :

Privilege escalation vulnerabilities enable users with less privilege to access pages and run code that should only be permited to power users, admins or user with more privilege. This vulnerability indicates that the right to launch certain actions or to see specific data is not managed on the application server.

Mutual User :

Simultaneous cross-user vulnerabilities will enable a hacker to see sensitive information and in return enable the hacker to execute specific operations that, in theory, should only be accessible to the permitted, normal user.

URL Jump :

URL Jumping (escaping a predetermined action of an application) will enable malicious users to bypass the normal steps set in place by the online application. The end result will be that those users will be able to execute commands in ways that were not planned or that were not thought possible.

Cross-site Request forgery (CSRF) :

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.

Session fixation :

In computer network security, session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person’s session identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs (query string) or POST data.

Examples of our automated tests:

  • Acquire Session ID
  • Application Exception
  • Application Exception (WS)
  • Authentication Bypass
  • Authorization Boundary
  • Blind SQL Injection
  • Blind SQL Injection (WS)
  • Browse HTTP from HTTPS List
  • Brute Force Login
  • Buffer Overflow
  • Buffer Overflow (WS)
  • Change Password and Email in Same Session
  • Check Basic Authorization over HTTP
  • Check HTTP Methods
  • Cookie Listing
  • Credit Card Disclosure
  • Cross-Frame Scripting
  • Cross-Site Scripting
  • CIA Web Server Configuration
  • Database Server Version Checks
  • Detect Off-Site Images
  • Directory Browsing
  • Document Caching
  • External Applet, Script, or Object
  • File & Directory Discovery
  • Find Pages
  • Form-Based Authentication
  • Format String
  • Format String (WS)
  • Form Caching
  • Forms Submitted Without Using Post
  • GET for POST Hidden Field Listing
  • HTML & JavaScript Comments
  • HTTP Header Listing
  • HTTP Response Splitting
  • Integer Overflow
  • J2EE Session ID Length
  • Lockout
  • No Applets, Scripts, or Objects
  • Non-Masked Password
  • Non-SSL Form
  • Non-SSL Page
  • Non-SSL Password
  • Open Redirect
  • Page Listing
  • Pages Containing Forms
  • Pages Containing Meta Tags
  • Pages Requiring Cookies
  • Pages Specifying a Character Set
  • Password Change
  • Password Autocomplete
  • Phishing Referrer Trust
  • Port Scanner
  • PHP/Perl Code-Injection
  • Privacy Notification
  • Privilege Escalation
  • Register Password
  • Register Unique User
  • Remote File Inclusion
  • Run Traversal Only
  • SE (SmartAttack Engine) Event Reporting
  • Session Hijacking
  • Session ID Randomness
  • Social Insurance Disclosure
  • Social Security Disclosure
  • SQL Disclosure
  • SQL Disclosure (WS)
  • SQL Error Message
  • SQL Error Message (WS)
  • SSI-Injection
  • UNIX Command Injection
  • UNIX Command Injection (WS)
  • UNIX Relative Path
  • UNIX Relative Path (WS)
  • URL in Query
  • Username or Password in HTTP Request
  • Weak Password
  • Web Server Configuration Vulnerabilities
  • Web Server Miscellaneous Vulnerabilities
  • Web Server Version Vulnerabilities
  • Windows Command Injection
  • Windows Command Injection (WS)
  • Windows Registry Checks
  • Windows Relative Path
  • Windows Relative Path (WS)
  • WSDL Analysis
  • WsTest