Penetration Testing 

CCSC offers application- and network-level penetration testing performed with industry tools and verified by certified security experts. This process reduces the number of false positives in the findings. We provide continuous and periodic (monthly, quarterly, annual) scans based on the customer’s regulatory requirements.

External Penetration Testing (Network Layer)

CCSC conducts network scans for customers at a predefined interval, based on the customer’s prior approval. Once the appropriate IP addresses are captured, the system will be set up to perform scans upon verification that the same internet IP addresses are used.

CCSC will further attempt to exploit any vulnerability found by the network scan to eliminate any false positives. This would be performed after any known vulnerabilities are mitigated.

External Penetration Testing (Application Layer)

CCSC assesses the application for known application vulnerabilities. Assessment techniques include:

          • Parameter Tampering – Query strings, POST parameters, and hidden fields are modified to gain unauthorized access to data or functionality.
          • Cookie Poisoning – Data sent in cookies is modified to test the application’s response to receiving unexpected cookie values.
          • Session hijacking – CCSC attempts to take over a session established by another user to assume the privileges of that user.
          • User privilege escalation – CCSC attempts to gain unauthorized access to administrator or other users’ privileges.
          • Credential manipulation – CCSC modifies identification and authorization credentials in an attempt to gain unauthorized access to other users’ privileges.
          • Forceful Browsing – Misconfigured web servers will send any file to a user if the user knows the file name and the file is not protected. Therefore, a hacker may exploit this security hole, and “jump” directly to pages.
          • Backdoors and Debug Options – Many applications contain code left by developers for debugging purposes. Debugging code typically runs with a higher level of access, making it a target for potential exploitation. Application developers may leave backdoors in their code. These backdoors, if discovered, could potentially allow an intruder to gain an additional level of access.
          • Configuration Subversion – Misconfiguring web servers and application servers is a common The most common misconfiguration is one that permits directory browsing. Hackers can utilize this feature to browse the application’s directories (such as CGI-bin/) by just typing in the directory name.
          • Input validation bypass – Client-side validation routines and bounds-checking are removed to ensure controls are implemented on the server.
          • SQL injection – Specially crafted SQL commands are submitted in input fields to validate input type controls.
          • Cross-site scripting – Active content is submitted to the application to cause a user’s web browser to execute unauthorized code. This test is meant to validate user input type controls.
ABOUT CCSC

Cerberus Cyber Sentinel Corporation (CCSC) is a cloud-first security consulting company, committed to delivering innovative technology security solutions that solve human challenges. We are compelled by our core values to drive transformational results for clients across all company sizes, geographies, and industries. The CCSC team delivers full lifecycle security solutions from project inception and planning, through deployment to ongoing support and maintenance focusing on Compliance and Security that help organizations transform into Security as a Culture.

HEADQUARTERS
  • 7333 E Doubletree Ranch Road Suite D270 Scottsdale, AZ 85258
  • 480-389-3444