In a penetration test, skilled security professionals simulate the behavior of an attacker to discover potentially exploitable vulnerabilities. Because it uncovers weaknesses resulting from coding errors, configuration flaws, and other deployment mistakes, penetration testing is known to find a broad variety of vulnerabilities.
Third Party Penetration Testing
Penetration testing for EUM is conducted quarterly by Software Secured, an independent company based in Ottawa, Canada.
The objective of the assessments is to uncover potential vulnerabilities in the EUM Platform using a combination of application and network penetration testing techniques. The following section gives a brief overview of Software Secured's comprehensive approach to Web Application Penetration Testing and Network Penetration Testing engagements.
Web Application Assessment:
Software Secured uses application vulnerability assessment to determine the attacker's view of the application, and the potential assets attackers could gain access to given the application's existing security controls. The following is a list of activities performed during this phase:
- Perform a “crawl” of unauthenticated and authenticated application pages, one for each role of the application.
- The “crawl” results in an inventory of the application pages, which is then parsed to determine all the inputs and their function within the application.
- The “crawl” is then scanned in passive and active scan modes using a commercial vulnerability scanner.
- The results of the vulnerability scanner are verified for false positives.
- Business critical application screens, components and workflows are flagged for a manual code walkthrough to identify potential security flaws.
- Whenever appropriate, potential vulnerabilities are exploited for proof-of-concept purposes and to determine exploitability.
- Obtaining access to vulnerable system/services.
- Privilege escalation.
- Consolidation and further escalation.
Network Penetration Test:
Software Secured uses network penetration testing to determine the attacker's view of the network, and the potential assets attackers could gain access to given the network's existing security controls. The following is a list of activities performed during this phase:
- Network information gathering
- Identify the client footprint
- Network scanning and host identification
- Port and service enumeration
- User enumeration
- Exploitation Attack Plan(s) Generation
- Obtaining access to vulnerable system/services
- Privilege escalation
Abstract List of Vulnerabilities Tested:
- Injection flaws
- Authentication flaws
- Session management flaws
- Cross-site scripting flaws
- Insecure direct object reference flaws
- Misconfiguration flaws
- Insecure data caching flaws
- Insecure data transmission flaws
- Hardcoded credentials/keys
- Information disclosure flaws
- Authorization and function level authorization flaws
- Cross-site request forgery flaws
- Insecure 3rd party components
- Unvalidated redirects and forwards
- Application logic bypass flaws
- Clickjacking flaws
- File upload/download flaws
- Design flaws with security implications
- Insecure API calls
- Backdoor flaws
- Man-in-the-Middle attacks
- Denial of service attacks
- Identify sensitive storage and information leakage vulnerabilities
No high severity vulnerabilities were observed during the most recent test.