Synetis can run (non-destructive) intrusion tests on the various components of an information system (IS). These tests simulate the behavior of a malicious individual (coming from inside or outside your company). Each identified vulnerability is rated using the CVSS v3 methodology (the Common Vulnerability Scoring System is used to characterize and evaluate the impact of IT vulnerabilities). An action plan is proposed at the end of each audit.
The principle of penetration testing (also known as a pentest) is to discover vulnerabilities in an audited system and to verify their exploitability and impact under realistic attack conditions.
During a web application audit (web pentest), for example, the auditors look for vulnerabilities just as an attacker would. Synetis auditors seek out vulnerabilities such as those referenced on the OWASP site.
During internal intrusion tests, Synetis auditors play the role of a malicious individual located within your premises, on your corporate network (first without and then with legitimate access). Audits can be launched directly from a so-called corporate workstation to evaluate its resistance. Such tests serve to assess the effectiveness of the network and system partitioning, and to verify the hardening of the resources an attacker could reach. These intrusion tests often take place in a Windows environment; in that case, the auditor also assesses whether the Active Directory can be compromised.
The growth of SaaS and Cloud hosting services in recent years makes them particularly attractive targets for attackers, opening new doors from the outside into the company's internal IS. Moreover, Covid-19 has forced companies to handle new and more external flows so that their employees can work remotely: VPN access, remote desktop access, port opening… We can run external intrusion tests to check your system for such vulnerabilities.
Depending on your needs, the methodology can be Black Box (point of view of an unauthenticated attacker), Gray Box (point of view of an authenticated user) or White Box (point of view of someone with full access to the specifications).
In terms of intrusion testing, Synetis is able to perform this work on targets such as a web application, an IS (internal or external), a Win32/Win64 thick client, endpoint APIs, etc.
Depending on the type of audit, we draw on a wide palette of leading standards when determining our approach and methodology.
- OWASP Top Ten (https://www.owasp.org/index.php/Top_10_2017-Top_10)
- SANS/CWE 25 (https://cwe.mitre.org/top25/)
- Open Source Security Testing Methodology Manual (http://www.isecom.org/research/osstmm.html)
- The ANSSI’s SSI good practice guides (https://www.ssi.gouv.fr/administration/bonnes-pratiques)
Non-exhaustive list of vulnerabilities regularly detected during our audits:
- Temporary files, installation files, release notes or development files left accessible
- Directory listing & directory guessing
- Default or shared identifiers and passwords
- Dictionary attacks using common words
- Vulnerabilities in web servers (Apache, Tomcat, etc.) or backends (RDBMS, LDAP, files)
- Vulnerabilities in frameworks or libraries: SSL implementations, PHP Symfony, WordPress, Joomla, etc.
- Command execution / CGI / reverse shell, code execution / code evaluation / unsafe (de)serialization
- Injections: SQL, ORM, XPath, LDAP, JAR, DTD/XXE, XML, Flash, ActiveX, iframe, etc.
- XSS (reflected, persistent, User-Agent, Referer, DOM XSS, UXSS, AJAX)
- CSRF / XSRF
- Authentication bypass / session / cookie / replay / CAPTCHA
- Directory / path traversal / file inclusion (local / remote)
- HTTP headers: smuggling, splitting, tampering, open redirect