Spider Sec Ltd offers External Network Penetration Testing services which are designed to provide assurances that your Internet facing infrastructure has been designed and configured in line with industry best security practices.
What is External Network Penetration Testing?
An External Network Penetration Testing identifies and addresses vulnerabilities which may be present in an organisations external-facing servers, workstations, mails servers, virtual environments and network devices.
Brief Overview of a standard Test:
Key Benefits Of A External Network Penetration Test?
Using our skills in offensive security we will simulate a genuine attack on your external infrastructure. During the test, we will ensure there are no common or publicly known vulnerabilities in the target system at the time of the test. Alongside this, our consultant will also perform checks to ensure your external infrastructure is following best security practice.
A External Network Penetration Test will help our clients:
Our consultants are all certified with at least Check Team Member or OSCP certificate. We follow the industry-standard OSSTMM methodology. Alongside this, we use our own in-house methodologies which have been tried and tested during our own careers.
Penetration Testing Engagement Process
Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 ) Background A Spider Sec Ltd consultant discovered an Authenticated Stored XSS vulnerability inside the Ninja forms WordPress Plugin which could allow attackers to hi-jack administrative cookies if an attack is coupled together with a phishing campaign. Technical Details The following parameters are vulnerable […]
Registration Magic Version 18.104.22.168 (Multiple XSS Vulnerabilities) Background After discovering two new WordPress Plugin vulnerabilities on a recent web application penetration test (which were authenticated and difficult to weaponise) I decided to go in search for some higher ticket WordPress Plugin vulnerabilities in my spare time. I started downloading registration form and forum building plugins, […]
Registration Magic Version 22.214.171.124 Authenticated Blind SQL Injection in URL Background If you still haven’t read the preface to this discovery please take a look here. Technical Details Authenticated SQL Injection in Form_id field The form_id field takes input from a number of in the front end and processes it on […]
Calculated Fields Form WP Plugin (Version <= 1.0.353) Multiple Authenticated Stored XSS Background The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These Calculated Fields Form vulnerabilities were discovered during a web application penetration test by a Spider Sec Ltd Consultant. Technical Details An […]