Scope of security and penetration testing services

  • Injections, e.g. code injection, IMAP/SMTP injection, SQL injection (OWASP Top Ten nr 1)
  • Broken Authentication and Session Management incl. authorization errors (OWASP Top Ten nr 2)
  • HTML Injection / Cross Site Scripting XSS (OWASP Top Ten nr 3)
  • Insecure Direct Object References (OWASP Top Ten nr 4)
  • Configuration errors, e.g. exploitation of default accounts, exploiting insufficient permissions set (OWASP Top Ten nr 5)
  • Sensitive Data Exposure (OWASP Top Ten nr 6)
  • Missing Function Level Access Control (OWASP Top Ten nr 7)
  • Cross-site request forgery XSRF (OWASP Top Ten nr 8)
  • Using Components with Known Vulnerabilities (OWASP Top Ten nr 9)
  • Unvalidated Redirects and Forwards (OWASP Top Ten nr 10)
  • Other attacks, e.g. frame spoofing, path traversal, DHCP starvation angriffe, MAC and SYN flooding
  • General vulnerability (combinations of factors)

Contact us

David Janota
David Janota

QA Director / VP
+420 602 771 327
janota@cngroup.dk

Why Choose us

  • Well established, financially secure
  • EU based: Geographic & cultural proximity
  • 23 years experience
  • Trust & fair-play
  • Long-term customer relationships
  • Partnership Programme benefits
  • Pro-active, taking full responsibility
  • Risk sharing, cost savings
  • Agile approach