Image

Our Methodology

All testing performed is based on the NIST Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide, and customized testing frameworks.

  • Planning

    Customer goals are gathered and rules of engagement obtained.

  • Discovery

    Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.

  • Attack

    Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.

  • Reporting

    Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.

Penetration Testing

External Penetration Testing

An external penetration test emulates the role of an attacker attempting to gain access to an internal network without internal resources or inside knowledge. A BugsLife engineer attempts to gather sensitive information through open-source intelligence (OSINT), including employee information, historical breached passwords, and more that can be leveraged against external systems to gain internal network access.

The engineer also performs scanning and enumeration to identify potential vulnerabilities in hopes of exploitation.

Internal Penetration Testing

An internal penetration test emulates the role of an attacker from inside the network. A BugsLife engineer will scan the network to identify potential host vulnerabilities. The engineer will also perform common and advanced internal network attacks, such as: LLMNR/NBT-NS poisoning and other man- in-the-middle attacks, token impersonation, kerberoasting, pass-the-hash, golden ticket, and more. The engineer will seek to gain access to hosts through lateral movement, compromise domain user and admin accounts, and exfiltrate sensitive data.

Web Application Testing

Web application testing measures the security posture of your website and/or custom developed application. BugsLife performs full unauthenticated and authenticated testing based on strict OWASP guidelines. Our engineers focus on identifying weak points across the entire web application to ensure your applications and data stay safe.

Testing activities include hunting OWASP Top 10 Vulnerabilities, website mapping and enumeration, testing for injection attacks (SQL, JavaScript, LDAP, etc.), testing for remote code execution, malicious file upload abuse testing, and more. All testing performed follows the OWASP v4 guidelines and checklist.

Mobile Application Testing

The Mobile app security testing and reverse engineering for iOS and Android mobile security testers with the following content:
Mobile platform internals
Security testing in the mobile app development lifecycle
Basic static and dynamic security testing
Mobile app reverse engineering and tampering
Assessing software protections

See How We Can Secure Your Assets

Let’s talk about how Bugslife can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.