We at PatientZero Security penetrate your website or web application through automated and manual penetration testing methods to detect vulnerabilities and threats, and then exploit them from a black-box perspective in order to evaluate the security of the web application. Not only do we follow the OWASP Testing Guide v4 methodology, but our team also consists of experienced bug bounty hunters who use a modern, creative attack approach on your web applications.
The ultimate goal of the penetration test is to detect vulnerabilities throughout the web application and its elements, and eventually to help you mitigate those bugs.
Our Approach and Methodology
- Conducting Passive Recon: We begin with passive recon, which means gathering information about the target web applications without direct interaction. We perform Google dorking, use , dumpster diving, check for deep web leakage, and gather information such as subdomains, sensitive directories, etc.
- Conducting Active Recon: This type of recon involves direct interaction with the target. It includes port scanning, footprinting, fingerprinting, DNS lookup, zone transfer, etc.
- Vulnerability Detection: After gathering the information, we conduct automated vulnerability scans and also test for web application vulnerabilities manually. Once the automated scan is complete, we manually re-check its results to confirm those vulnerabilities.
- Exploitation: After vulnerability detection, we check how the detected vulnerabilities can be exploited. We create proofs of concept that demonstrate the exploitation of each vulnerability using the required tools and techniques.
- Risk Analysis: Lastly, the risk of all these vulnerabilities is assessed, and each vulnerability is categorized according to its risk.
Deliverables:
We provide our clients with a summary, a technical report, and a presentation that highlight our findings, such as critical vulnerabilities, and explain different ways to mitigate those vulnerabilities.