Spectrum Networks Solutions Ltd offers Vulnerability Assessment Services to identify vulnerabilities in your infrastructure, networks and application environments and to address the requirements of regulations and standards.

Our Vulnerability Assessment Service typically consists of, but is not limited to, port scanning, OS and service detection, and vulnerability analysis.

We analyse the vulnerabilities detected in the earlier phase and exploit the weaknesses, both manually and using appropriate tools, to launch typical attacks.

Our Penetration Testing Service typically consists of, but is not limited to, manual and automatic penetration testing, and exploitation of vulnerabilities.

Methodology

Passive Approach

  • Understand the logic of the application
  • Information Gathering
  • Understand all the access points of the application

Active Approach

  • Configuration Management Testing
  • SSL/TLS Testing
  • Testing for file extensions
  • Old, backup and unreferenced files
  • Testing for HTTP methods
  • Testing for XSS
  • Testing for SQLi
  • Authentication Testing
  • Credentials transport over an encrypted channel - check for SSL (HTTPS)
  • Testing for Guessable User Account
  • Brute Force Testing
  • Testing for bypassing authentication schema
  • Testing for vulnerable remember password and password reset
  • Testing for Logout and Browser Cache Management
  • Testing for CAPTCHA
  • Testing Multiple Factors Authentication
  • Authorization Testing
  • Authentication Testing
  • Testing for bypassing authorization schema
  • Testing for Privilege Escalation
  • Session Management Testing
  • Testing for Session Management Schema
  • Testing for Cookies attributes - HttpOnly, Secure and time validity
  • Testing for Session Fixation
  • Testing for CSRF

Report Deliverables

Executive Report
Management Report
Technical Report

Approaches

Black Box
White Box
Grey Box

Need of VAPT on Web App

As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications: shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.

Methodology

  • Change Management Process Audits
  • Information gathering of the system
  • Change logs and scrutiny
  • Audit trail of firewall changes and approval processes
  • Real-time monitoring of changes
  • Firewall Rule Base Audit
  • Review & Assess Firewall policy
  • Risk Assessment & Issue remediation
  • Optimization of Rule Base
  • Verifying Compliance
  • Firewall audit compliance status
  • Automatic identification of non-compliant rules and remedial
  • Physical and OS Security Audit of Firewalls
  • Set up continual Audit Readiness

Need of VAPT on Firewall

Firewall auditing is a critical component of security systems today. The technology landscape keeps changing for web applications, enterprise solutions, mobility and mobile devices, and communication tools and networks. This brings in new compliance requirements, along with higher expectations of firewall security as well.

Methodology

  • Identify live hosts
  • Identify OS type
  • Port scan
  • DoS disabled
  • Web scan enabled
  • SSL scan on every port instead of known ports
  • Enable TCP and UDP scan
  • Audit SSL
  • Self-signed certificate
  • SSL version 2 and 3 detection
  • Weak hashing algorithm
  • Use of RC4 and CBC ciphers
  • Logjam issue
  • Certificate expiry
  • OpenSSL ChangeCipherSpec issue
  • POODLE vulnerability
  • OpenSSL Heartbleed issue
  • Hunting some common ports
  • DNS (53) UDP
  • Examine domain name system
  • Check for zone transfer
  • Brute-force subdomains using the fierce tool
  • Banner grabbing and finding publicly known exploits
  • Check for DNS amplification attack
  • SMTP (25) TCP
  • Check for SMTP open relay
  • Check for username enumeration using VRFY command
  • Banner grabbing and finding publicly known exploits
  • Check whether it supports SSHv1 or not
  • Brute-force password using hydra and medusa
  • Brute-force FTP password using hydra and medusa
  • Telnet (23) TCP
  • TFTP (69) UDP
  • TFTP Enumeration

Need of VAPT on Network

Network devices are commonly targeted by hackers in order to destabilize the entire network or to steal information. Spectrum Networks VAPT services help you validate the configuration of various technology devices & platforms on your network as per best practices. We help you identify security issues and weak links in your network through network assessment and penetration testing.

Holistic Approach towards Security

Information Gathering & Analysis

  • Define Object
  • Network Survey
  • Open Ports

Vulnerability Scanning

  • Define target for penetration
  • Scan the web to discover unknown vulnerability
  • Interpret the scan result

Reporting

  • Summary of successful penetration
  • Description of vulnerabilities found
  • Recommendation to resolve vulnerabilities found

Benefits

  • Comprehensive testing for networks.
  • Identification of the weakest link in the chain, with evidence that verifies the possibility of exploiting the vulnerabilities found.
  • Elimination of false positives and prioritization of real threats.
  • Detection of attack paths missed through manual testing. Facilitates regular and frequent scans.
  • Secures against business logic flaws and closes all windows of opportunity for intruders.
  • Facilitating regular and frequent scans.
  • Includes the best industry standards such as OWASP, SANS, etc.

Why Us?

The Spectrum Networks Solutions Ltd platform combines both Vulnerability Assessment and Penetration Testing (VAPT) methods. By doing so, we provide both a full list of the flaws found and a measurement of the risk posed by each flaw. Spectrum Networks performs both dynamic and static code analysis, not only to find flaws in code but also to determine whether there are any missing functionalities whose absence could lead to security breaches.

Spectrum’s Network testing is based on proven methodologies and techniques. Using a series of commercial tools, open source tools and in-house built scripts, Spectrum’s security testers provide security testing techniques that identify your security vulnerabilities before Internet hackers find them. Network Testing requires appropriate scoping. As a consequence, it is always appropriate to undertake diligent scoping to ensure that network service assessments are conducted in accordance with client requirements.

Penetration Attempt

  • Carry out manual and automated penetration testing to exploit weaknesses

Compliance

  • HIPAA
  • GDPR
  • GLBA
  • FISMA
  • PCI-DSS