Vulnerability and Penetration Testing

I use several commercial-grade, enterprise-level vulnerability and penetration testing tools to carry out an efficient and very detailed inspection of your application, server and related services, including standard port scans and checks for known application vulnerabilities (older software versions, etc.).

The vulnerability testing services I provide are as follows.

File Checks

  • Backup Files or Directories Checking – looking for common files (such as application, logs, traces, CVS-related web repositories)
  • Scripting Errors Checks
  • Cross Site Scripting in URI

Web Server Configuration Checks

  • Checks for Web Server Problems – Verification of Web Server Technologies
  • Checking if dangerous HTTP methods are enabled on the web server (e.g. PUT, DELETE, TRACE)
  • Vulnerable Web Server Technologies – such as “PHP 4.3.0 possible code execution and file disclosure”.
  • Determining Vulnerable Web Servers.

Parameter Manipulation Checks

  • Cross-Site Request Forgery (CSRF).
  • Cross-Site Scripting (XSS).
  • SQL Injection.
  • Code Execution
  • Directory Traversal
  • HTTP Parameter Pollution
  • File Inclusion
  • CRLF Injection
  • Script Source Code Disclosure
  • DOM XSS
  • (Unix and Windows)
  • Cross Frame Scripting (XFS)
  • PHP Code Injection
  • XPath Injection
  • Path Disclosure
  • LDAP Injection
  • Cookie Manipulation
  • Remote XSL inclusion
  • Blind SQL/XPath Injection
  • MultiRequest Parameter Manipulation
  • Input Validation
  • Buffer Overflows
  • Sub-Domain Scanning

Text Search

  • Directory Listings
  • Source Code Disclosure
  • Check for Common Files
  • Check for Email Addresses
  • Local Path Disclosure
  • Trojan Shell Scripts (such as popular PHP shell scripts like c99shell, r57shell etc)
  • Error Messages

Directory Checks

  • Looks for Common Files (such as logs, traces, CVS)
  • Cross Site Scripting in Path and PHPSESSID Session Fixation.
  • Discover Sensitive Files/Directories
  • Discovers Directories with Weak Permissions
  • HTTP Verb Tampering
  • Web Applications

Port Scanner and Network Alerts

  • Finds All Open Ports on Servers
  • DNS Server Vulnerability: Open Zone Transfer
  • Displays Network Banner of Port
  • DNS Server Vulnerability: Cache Poisoning
  • DNS Server Vulnerability: Open Recursion
  • Checks for Badly Configured Proxy Servers
  • Finds List of Writable FTP Directories
  • FTP Anonymous Access Allowed
  • Checks for Weak SNMP Community Strings
  • Finds Weak SSL Ciphers

Google Hacking Database (GHDB)

  • Over 1200 Google Hacking Database Search Entries

Recent Portfolio

This is a huge ecommerce site and 100% my own creation. The major work includes Virtuemart customization, franchise support, order processing, one-page checkout, advanced order reporting system, order adjustments, custom invoice generation, franchise panels and much, much more.
This is a Joomla-based ecommerce site in which I have completely customized Virtuemart. Additionally, I have also developed a small component to handle parent/child combinations in the site and have customized the template according to client requirements.
I have worked on this site from scratch to completion. I have used the Helix framework and SP Page Builder for template/content construction. Other major work includes WHMCS integration, Message-media plugin development, RS Form customization, developing a WHMCS template and much more.
It is a wedding photography site. It has a complex HTML layout and a lot of jQuery work has been done on this site. Some custom extensions have also been programmed for this site.
It is a UK-based college website. I have developed it from scratch. There is a lot of jQuery-related work in it and I have also programmed some custom extensions for it.
There was a lot of work in this project. First I upgraded it to the latest Joomla 2.5 version and then did all the work specified by the client, like implementing filters on vehicles, customizing K2, ADF XML integration and programming custom extensions. It was a huge project.
This is a golf-related social network site. I have used JomSocial in this project and have customized it to a big extent. All the other custom extensions are golf related, like score entry, golf course finder, advanced search etc.
