Penetration testing helps to protect websites and web applications against attacks from hackers and cyber criminals. By analyzing the website, the scan software identifies possible security holes and vulnerabilities, then creates a detailed report which developers can use to repair any problems.
Penetration testing helps to protect websites and web applications against attacks from hackers and cyber criminals. By analysing the website, we identify possible security holes and vulnerabilities, then create a detailed report which developers can use to repair any problems.
Hyve pen testing scans for over 15,000 vulnerabilities, with some of the most common being:
XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content. XSS allows attackers to execute script in the victim’s browser which can hijack user sessions, deface web sites etc
Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker’s hostile data tricks the interpreter into executing unintended commands or changing data.
Code vulnerable to remote file inclusion (RFI) allows attackers to include hostile code and data, resulting in devastating attacks, such as total server compromise. Malicious file execution attacks affect PHP, XML and any framework which accepts filenames or files from users.
Information Leakage and Improper Error Handling
Applications can unintentionally leak information about their configuration, internal workings, or violate privacy through a variety of application problems. Attackers use this weakness to steal sensitive data, or conduct more serious attacks.
Web applications rarely use cryptographic functions properly to protect data and credentials. Attackers use weakly protected data to conduct identity theft and other crimes, such as credit card fraud.
Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications.
Frequently, an application only protects sensitive functionality by preventing the display of links or URLs to unauthorised users. Attackers can use this weakness to access and perform unauthorised operations by accessing those URLs directly.
Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.