Website Application Security Audits

Since WordPress is a widely used platform, it often becomes a target for hackers.

Their attacks are facilitated by the high number of outdated WordPress installations and outdated plugins and themes. These old versions of WordPress components contain vulnerabilities and security weaknesses that can be exploited.

We conduct black-box vulnerability audits which performs multiple tests to identify security weaknesses in the target WordPress websites. We perform the assessment remotely, without authentication and it simulates an external attacker who tries to penetrate the target website.

This is a custom audit which implements all the security checks performed by known Drupal scanners such as CMSMap or Droopescan but also adds new security tests on top.

Our security audit performs a series of passive and active checks to identify the Drupal version, modules, themes and the current system configuration.

We check if your own installation of Drupal is updated and properly configured. We basically see how your Drupal installation looks from the perspective of an external attacker.

Furthermore, the Drupal core vulnerabilities are extracted from a local database which is periodically updated with the latest vulnerabilities which affect Drupal. The vulnerabilities are reported according to the identified Drupal version.

This security audits connects to the target Joomla website and retrieves information from the HTML pages in order to fingerprint the Joomla version.

The enumeration of components, modules and templates is actively done by trying multiple known names.

Our tools also extract the vulnerability information from a frequently updated database of Joomla core and extensions and includes them in the final report together with references for vulnerability details.

We perform a remote scan, without authentication, using a black-box approach. This simulates an external attacker who tries to penetrate the target Joomla website.

Our security audit connects to the target SharePoint server and tries to retrieve certain default pages that indicate the presence of the mentioned vulnerabilities.

Furthermore, the HTTP response headers received from the server are also analyzed to find security issues.

The SharePoint security assessment is performed remotely, in a black-box manner. The results of the scan should be interpreted from the perspective of an anonymous user who accesses the target website.

SQL Injection remains one of the most prevalent attacks used by hackers and a serious security threat to both individuals and companies.

SQLi is also one of the most well-known web application vulnerabilities with a dedicated chapter in the OWASP Top 10 project and is also a highly chased vulnerability in bug bounty programs.

A common SQL injection attack happens when attackers try to insert malicious SQL statements located in an HTTP (or HTTPS) request by changing the current behavior of SQL statements created by the web application.

They do this by first finding a vulnerable user input within a web app and create input content which is often used as the malicious payload to launch this attack. The input provided by an attacker may include characters that could interfere with the SQL syntax and will result in arbitrary SQL queries performed on the database.

Our security audit will scan the target URL containing SQL commands and check if the MySQL database has been exposed to any SQL injection vulnerability. It can perform a full SQL injection assessment of the target web application to detect vulnerabilities before being compromised.

Other popular relational database management systems (RDBMS) that are vulnerable to SQL injection are Microsoft SQL Server, Oracle, or SQLite. These are also covered by our security audits.

Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs.

The risk of a Cross-Site Scripting vulnerability can range from cookie stealing, temporary website defacement, injecting malicious scripts or reading sensitive page content of a victim user.

We conduct XSS detection with a couple of requests. First, we inject a simple string in the tested parameter and checks if it is reflected back in the response page. If the parameter is reflected, then we will inject a piece of JavaScript code, including some special HTML characters (>, <, “, ‘) and it will try to see if they are returned in the response page without sanitization. If this is true, the page and parameter are declared vulnerable.

The URL Fuzzer can be used to find hidden files and directories on a web server by fuzzing.

This is a discovery activity which allows you to discover resources that were not meant to be publicly accessible (ex. /backups, /index.php.old, /archive.tgz, /source_code.zip, etc).
Since ‘security by obscurity’ is not a good practice, you can often find sensitive information in the hidden locations identified by the URL Fuzzer.

The URL Fuzzer uses a custom built wordlist for discovering hidden files and directories. The wordlist contains more than 1000 common names of known files and directories. For each WORD in the wordlist, it will make an HTTP request to: Base_URL/WORD/ or to Base_URL/WORD.EXT in case you chose to fuzz a certain EXTension.