A penetration test is a method of assessing the security of a computer or network by simulating an attack by a hacker. In this method, all systems, along with the applications and services installed on them, are tested to find security problems, and then a solution to each problem is provided.
- Review and evaluate the mechanisms that control unauthorized access to resources and functions
- Review and identify faults that prevent users from using their applications
- Evaluate DoS attacks that result from saturating limited shared resources
- Review and identify weaknesses in the authentication system and identify the different methods of authentication
- Review and assess the issuance, use, modification and deletion of Session IDs
- Review and assess user management, access levels and permissions to use resources for each user
- Evaluate Buffer Overflow in programs
- Check the user management, password and database settings
- Review and identify website vulnerabilities
- Review and assess administrator user preferences, passwords and access levels
- Evaluate the encryption algorithms used
- Review the level of protection and data transfer provided by SSL and TLS and evaluate their settings
- Check how certification and digital signatures are managed
- Evaluate Certificate, Token, Session ID, and…
- Review and identify vulnerabilities to injection attacks