Poštovani,

Prvih 10 klijenata koji se prijave do 31.12.2010 godine dobijaju gratis Penetration Testing Analizu za svoj sajt.

Potrebno je da na memorandumu vaše firme napišete dozvolu da agencija MMC iz Apatina ima dozvolu da uradi Penetration Testing analizu na vašem sajtu.

Dozvolu pošaljite na office@penetration-testing.rs

Srećne novogodišnje i bozićne praznike želi vam MMC Agencija

Vise informacija na sajtu.

www.penetration-testing.rs

Tema dozvoljena

Ovo su neke od metoda koje isprobavamo:

Arbitary File Deletion
Code Execution
Cookie Manipulation ( meta http-equiv & crlf injection )
CRLF Injection ( HTTP response splitting )
Cross Frame Scripting ( XFS )
Cross-Site Scripting ( XSS )
Directory traversal
Email Injection
File inclusion
Full path disclosure
LDAP Injection
PHP code injection
PHP curl_exec() url is controlled by user
PHP invalid data type error message
PHP preg_replace used on user input
PHP unserialize() used on user input
Remote XSL inclusion
Script source code disclosure
Server-Side Includes (SSI) Injection
SQL injection
URL redirection
XPath Injection vulnerability
EXIF
Blind SQL injection (timing)
Blind SQL/XPath injection (many types)
Cross Site Scripting in path
Cross Site Scripting in Referer
Directory permissions ( mostly for IIS )
HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
Possible sensitive files
Session fixation ( jsessionid & PHPSESSID session fixation )
Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
WebDAV ( very vulnerable component of IIS servers )
Microsoft IIS WebDAV Authentication Bypass
SQL injection in the authentication header
Application Error Message ( testing with empty, NULL, negative, big hex etc )
Code Execution
SQL Injection
XPath Injection
Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
Stored Cross-Site Scripting ( XSS )
Cross-Site Request Forgery ( CSRF )