Vulnerability Scanning is a low-cost solution for businesses wanting a lightweight security check-up on their computer systems, networks or web applications. This type of assessment will uncover “low hanging fruit” security misconfigurations such as missing patches.
What is Vulnerability Scanning?
A Vulnerability Scan will audit external-facing infrastructure or web applications for “low hanging fruit” vulnerabilities. The assessment will discover the following types of vulnerabilities:
Brief Overview of a standard scan:
Key Benefits Of A Vulnerability Scan
Vulnerability Scans can be used to give a quick check of your infrastructure. System admins may decide to request a vulnerability scan to ensure their systems have been patched correctly:
A Vulnerability Scan will help our clients:
Our consultants are all certified with at least a CHECK Team Member or OSCP certificate. We follow the industry-standard OSSTMM methodology. Alongside this, we use our own in-house methodologies, which have been tried and tested during our own careers.
Using industry-specific scanning tools, we will audit your web application or external infrastructure for the latest vulnerabilities.
Penetration Testing Engagement Process
Registration Magic Version 188.8.131.52 (Multiple XSS Vulnerabilities) Background After discovering two new WordPress Plugin vulnerabilities on a recent web application penetration test (which were authenticated and difficult to weaponise) I decided to go in search of some higher ticket WordPress Plugin vulnerabilities in my spare time. I started downloading registration form and forum building plugins, […]
Registration Magic Version 184.108.40.206 Authenticated Blind SQL Injection in URL Background If you still haven’t read the preface to this discovery please take a look here. Technical Details Authenticated SQL Injection in Form_id field The form_id field takes input from a number of in the front end and processes it on […]
Calculated Fields Form WP Plugin (Version <= 1.0.353) Multiple Authenticated Stored XSS Background The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These Calculated Fields Form vulnerabilities were discovered during a web application penetration test by a Spider Sec Ltd Consultant. Technical Details An […]
Chained Quiz WP Plugin Unauthenticated Reflected XSS (Version 220.127.116.11) Background During a web application penetration testing engagement, we discovered our client was using the Chained Quiz Plugin to serve quizzes on the front-end of their site. A quick analysis using WPScan uncovered several historic Chained Quiz Vulnerabilities which had been disclosed in previous versions. As […]