We at PatientZero Security penetrate your website or web application through automated and manual penetration testing methods to detect any vulnerabilities and threats in a web application, and then exploit them from a black-box perspective in order to evaluate the security of the web application. Not only do we follow the OWASP Testing Guide v4 methodology, but our team also consists of experienced bug bounty hunters who use a modern, creative attack approach on your web applications.
The ultimate goal of the penetration test is to detect vulnerabilities throughout the web application and its elements, and eventually to help you with the mitigation of those bugs.
Our Approach and Methodology
- Conducting Passive Recon: To begin with, we start with passive recon, which includes gathering information about target web applications without direct interaction. We perform Google dorking, use , dumpster diving, check for deep web leakage, and gather information such as subdomains, sensitive directories, etc.
- Conduct Active Recon: This type of recon involves direct interaction with the target. This includes port scanning, footprinting, fingerprinting, DNS lookup, zone transfer, etc.
- Vulnerability Detection: After gathering the information, we conduct automated vulnerability scans and also test for web application vulnerabilities manually. Upon completion of the automated scan, we manually re-check to confirm those vulnerabilities.
- Exploitation: After vulnerability detection, we check how the detected vulnerabilities can be exploited. We create proofs of concept that demonstrate the vulnerability exploitation using the required tools and techniques.
- Risk Analysis: Lastly, the risk of all these vulnerabilities is assessed, and each vulnerability is categorized according to its risk.
We provide a summary, a technical report and a presentation to our clients that highlight our findings, such as critical vulnerabilities, and explain different ways to mitigate those vulnerabilities.