Penetration Testing

The A&B Warm-Up Penetration Testing will give you broad insight into both discoverable attack surface and vulnerabilities exposed by your deployed software platform.

Two of our Penetration Testing specialists will test your platform against its ability to withstand numerous attack vectors in a balanced effort of automated and manual testing, using a methodology based on the latest OWASP Web Security Testing Guide.

The A&B Warm Up Penetration Testing has been developed and tailored for clients who run web applications, exposing single or multi page applications through REST APIs or microservices in the cloud. Testing will cover at least the following vulnerabilities and attack vectors:

• TLS (SSL) vulnerabilities and misconfigurations
• Broken authentication and Session Management
• Cross Side Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• XML External Entity (XXE) Processing
• Injection attacks
• Deserialization
• Fuzzing
• Privilege Escalation

As the testing phase ends, we will present our findings, handing over a copy of the slides for you to evaluate how to approach remediation and mitigation of the identified vulnerabilities. Alice&Bob.Company's security specialists are available to support remediation or mitigation as needed, as well as to provide security training to enrich your Companys DevOps teams' experience in preventing vulnerabilities based on the findings produced during this test, as well as for establishing or strengthening a Shift Left culture. The result presentation will also provide a roadmap to further improve security aspects of both development and operations of your platform with the help of the Alice&Bob.Company.

To ensure successful mitigation of identified security flaws, the test may be extended by an optional re-testing phase, where previously identified vulnerabilities are re-tested after (supposed) remediation by 's DevOps team.