I provide penetration testing against the following:
• Web Applications (APIs Included)
• Mobile Applications (APIs Included)
• Cloud Systems
• Network (Externally or Internally)
*For network penetration testing, we can negotiate further price adjustments, as the cost of a network penetration test is determined by the number of IT assets and the depth of the test.
The tests I will perform are as follows:
-Authentication (2FA, login feature, "remember me" function, impersonation, etc.)
-Session Management (Token predictability, session termination, session fixation, CSRF)
-Transport Layer (Cookies, SSL)
-Input Handling (OWASP Top 10, SANS Top 10, and any other additional testing)
-Host Environment
-Network Security
-Software Stack Vulnerabilities (outdated software)
-Best Practices Implementation
Some of the tools I will be using:
-Nmap
-OpenVAS
-Burp Suite
-SSLScan
-Metasploit (if required)
The report will include:
-Proof of Concept
-Risk Matrix
-Risk and Vulnerability Analysis
-Remediation Plan
Furthermore, I can provide a call/meeting to explain the report to you in detail.