Web App Penetration Testing


We follow a systematic and yet agile approach to test website security. This helps our customers gain an extremly accurate and elaborate results along with a knowledge base and years of experience on the subject matter. We follow OWASP Top 10 standard to find and report vulnerabilities.

Before Testing Starts

  • Sign NDA

  • Freeze on scope

  • Study Cloud App Architecture

  • Study Cloud User Roles

  • Decide attack vectors and prioritize

  • Allocate single point of contact

During Testing

  • Black box testing

  • Gray box testing

  • Automatic and Manual Testing

  • Testing Phases

  • Reconnaissance

  • Scanning

  • Gaining Access

  • Maintaining Access

  • Covering Tracks

  • Gathering Logs

After Testing

  • Analyse logs

  • Confirm results

  • Apply Knowledge

  • Apply Experience

  • Repeat Test if required

Testing Outcome

  • Detailed technical report (OWASP Top 10 Standard)

  • Executive summary

  • High level fixation solutions

  • Certificate of testing completion (optional)

Penetration Testing Services

PHP Security

.Net Security

Java Security

JScript Security

JQuery Security

Vulnerabilities in PHP can be in several different forms. The basic definition of vulnerability is some weakness in the system that allows someone to do something malicious to the system, which in this case is the web server. One form of vulnerability is via a poorly written PHP script by a user, which can be done by mistake or with malicious intent. Another form is by not understanding all the various settings that can be used with PHP and thus the administrator of the web server does not implement settings which are necessary for security. There are other vulnerabilities that exist which can cause a denial of service to the user (crashing the web server, flooding the network with traffic to where it is unusable, etc.). The following identifies some examples of these vulnerabilities and gives a more detailed explanation of each type of vulnerability.
Valency Networks is one of the best web application and website security testing company in India and abroad. Our experience tells us that, while PHP scripts are not inherently bad, the user could either inadvertently write a script that allows the vulnerability or maliciously create a script to take advantage of certain PHP functions. A web administrator may not need to worry about such scripts for the main website that he/she manages, but other users on the system which create and publish web content could create bad PHP scripts. The web server administrator must be aware of such issues with PHP so none of the pages on the system have vulnerabilities.
There are two major types of PHP vulnerabilities, local and remote. The local vulnerabilities are designed such that the attack is being made on the system on which the PHP script resides. A remote vulnerability executes a PHP script on one web server, which in turn goes out to get another PHP script and then is executed on the web server. In this instance, an attacker could place a PHP script on some other server which would cause vulnerability to a web server which executed it. Then the attacker can essentially tell the web server they are trying to exploit to grab that PHP file and execute it, causing the web server to be vulnerable.
Some vulnerabilities are introduced by incorrectly or not setting certain configuration parameters for the PHP module. Certain commands are not as well known as others or may not be documented properly. Many of these configuration parameters are known by the PHP community, but many web server administrators are not part of that community and do not know much about PHP.

Read More

Our Culture

Valency Networks is a very agile, friendly and fun loving atmosphere and yet we maintain a cutting edge technical vibrant work environment.