Conquest

#Conquest Security

Logical Application Testing

Why Logical Application Testing?

When looking at bug bounty programs of large big tech companies such as Google, Facebook, Twitter, Amazon, Uber, Netflix, LinkedIn and Microsoft, around 90% of all vulnerabilities encountered and disclosed contain issues in the 4 following categories:

  • Business and Application logic flaws
  • Insecure Direct Object References (IDOR) flaws
  • Information Disclosure flaws
  • Application Programming Interfaces (API) flaws

 

A lot of companies undergo regular standard Penetration Testing and Vulnerability Scanning. Often the results apparently show no reason for concern. However, a lot of critical and high severity issues simply cannot be detected with standard tools and protocols as they are application centric.

Service Description

This service examines web applications and mobile applications for flaws, which fall outside OWASP and standard Penetration Testing frameworks. SQL Injections, flaws in the operating system etc. are rare these days due to patch management, regular scanning and the move into cloud infrastructures. On the other hand, logical issues within applications see an exponential rise.

Tests performed

The tests include the following:

Business logic testing:
Bypassing of steps within the anticipated flow, skipping client-side controls, manipulating the application to accept user-controlled input, bypassing numeric limits and process flows to the user’s advantage, Manipulating signup, login, user profile functionalities and more.

IDOR testing:
Accessing other user’s content as another authenticated user, accessing administrator functions as a regular user or accessing restricted content without authentication need.

Information disclosure testing:
Exposing sensitive information within the application, which should not be available to users. Finding unused or out of date information which should have not been made public, constructing attack vectors through verbosity of error messages etc.

API testing:
Cookie and Token manipulation, UUID manipulation, reverse engineering authentication and authorization logic, testing HTTP methods, JSON and XML injection etc.

Deliverables

 

Flexible Options

 

Why us?

  • Consultants with 10+ years of ethical hacking experience
  • Consultants certified to highest levels such as OSCP, OSCE, OSWE, GIAC
  • Experience across all industry and government sectors
  • We are an independent third party concerned with finding & fixing flaws
  • No conflict of interest. We are not embedded with HW/SW vendors
  • Dedicated Red Team approach with specialists in all technologies