Here are just a few examples of the test that we could potentially do on your systems:

ABRUPT SESSION TERMINATION

A Hacker can reroute session identifiers and obtain access to an account, after the victim "thinks" he has disconnected. A hacker can obtain the session IDs from various cookies hidden on a shared computer, or by web pages containing hidden fields, or by the network (tracing or sniffing the wire), etc.

PRIVILEGE ESCALATION

Privilege escalation vulnerabilities enable users with less privilege to access pages and run code that should only be permited to power users, admins or user with more privilege. This vulnerability indicates that the right to launch certain actions or to see specific data is not managed on the application server.

MUTUAL USER

Simultaneous cross-user vulnerabilities will enable a hacker to see sensitive information and in return enable the hacker to execute specific operations that, in theory, should only be accessible to the permitted, normal user.

URL JUMP

URL Jumping (escaping a predetermined action of an application) will enable malicious users to bypass the normal steps set in place by the online application. The end result will be that those users will be able to execute commands in ways that were not planned or that were not thought possible.

CROSS-SITE REQUEST FORGERY (CSRF)

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

SESSION FIXATION

In computer network security, session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person's session identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs (query string) or POST data.

Certaines applications qui continuent à utiliser la même session ID après l'établissement de la connexion donnent un accès illimité illicite à vos données.

EXAMPLES OF OUR AUTOMATED TESTS

Acquire Session ID
Application Exception
Application Exception (WS)
Authentication Bypass
Authorization Boundary
Blind SQL Injection
Blind SQL Injection (WS)
Browse HTTP from HTTPS List
Brute Force Login
Buffer Overflow
Buffer Overflow (WS)
Change Password and Email in Same Session
Check Basic Authorization over HTTP
Check HTTP Methods
Cookie Listing
Credit Card Disclosure
Cross-Frame Scripting
Cross-Site Scripting
CIA Web Server Configuration
Database Server Version Checks
Detect Off-Site Images
Directory Browsing
Document Caching
External Applet, Script, or Object
File & Directory Discovery
Find Pages
Form-Based Authentication
Format String
Format String (WS)
Form Caching
Forms Submitted Without Using Post
GET for POST Hidden Field Listing
HTML & JavaScript Comments
HTTP Header Listing
HTTP Response Splitting
Integer Overflow
J2EE Session ID Length
Lockout
No Applets, Scripts, or Objects
Non-Masked Password
Non-SSL Form
Non-SSL Page
Non-SSL Password
Open Redirect
Page Listing
Pages Containing Forms
Pages Containing Meta Tags
Pages Requiring Cookies
Pages Specifying a Character Set
Password Change
Password Autocomplete
Phishing Referrer Trust
Port Scanner
PHP/Perl Code-Injection
Privacy Notification
Privilege Escalation
Register Password
Register Unique User
Remote File Inclusion
Run Traversal Only
SE (SmartAttack Engine) Event Reporting
Session Hijacking
Session ID Randomness
Social Insurance Disclosure
Social Security Disclosure
SQL Disclosure
SQL Disclosure (WS)
SQL Error Message
SQL Error Message (WS)
SSI-Injection
UNIX Command Injection
UNIX Command Injection (WS)
UNIX Relative Path
UNIX Relative Path (WS)
URL in Query
Username or Password in HTTP Request
Weak Password
Web Server Configuration Vulnerabilities
Web Server Miscellaneous Vulnerabilities
Web Server Version Vulnerabilities
Windows Command Injection
Windows Command Injection (WS)
Windows Registry Checks
Windows Relative Path
Windows Relative Path (WS)
WSDL Analysis
WsTest




2017 © Wolf Technologies
Realisation : Évolution Graphique, Les Technologies Wolf

Wolf Technologies
Tel: 418 704-2623
Toll free: 1 844 418-8896
info@technologieswolf.com
Follow us: