Vulnerability and Penetration Testing

I use several commercial-grade, enterprise-level vulnerability and penetration testing tools to perform an efficient and very detailed inspection of your application, server and related services, including standard port scans and checks for known application vulnerabilities (older software versions, etc.).

The list of services I provide in regard to vulnerability testing is as follows.

File Checks

  • Backup Files or Directories Checks – Looks for common files (such as application, logs, traces, CVS-related web repositories)

  • Scripting Errors Checks
  • Cross Site Scripting in URI

Web Server Configuration Checks

  • Checks for Web Server Problems – Verification of Web Server Technologies
  • Checking if dangerous HTTP methods are enabled on the web server (e.g. PUT, DELETE, TRACE)
  • Vulnerable Web Server Technologies – such as “PHP 4.3.0 possible code execution and file disclosure”.
  • Determining Vulnerable Web Servers.

Parameter Manipulation Checks

  • Cross-Site Request Forgery (CSRF).
  • Cross-Site Scripting (XSS).
  • SQL Injection.
  • Code Execution
  • Directory Traversal
  • HTTP Parameter Pollution
  • File Inclusion
  • CRLF Injection
  • Script Source Code Disclosure
  • (Unix and Windows)
  • Cross Frame Scripting (XFS)
  • PHP Code Injection
  • XPath Injection
  • Path Disclosure
  • LDAP Injection
  • Cookie Manipulation
  • Remote XSL inclusion
  • Blind SQL/XPath Injection
  • MultiRequest Parameter Manipulation
  • Input Validation
  • Buffer Overflows
  • Sub-Domain Scanning

Text Search

  • Directory Listings
  • Source Code Disclosure
  • Check for Common Files
  • Check for Email Addresses
  • Local Path Disclosure
  • Trojan Shell Scripts (such as popular PHP shell scripts like c99shell, r57shell etc)
  • Error Messages

Directory Checks

  • Looks for Common Files (such as logs, traces, CVS)
  • Cross Site Scripting in Path and PHPSESSID Session Fixation.
  • Discover Sensitive Files/Directories
  • Discovers Directories with Weak Permissions
  • HTTP Verb Tampering
  • Web Applications

Port Scanner and Network Alerts

  • Finds All Open Ports on Servers
  • DNS Server Vulnerability: Open Zone Transfer
  • Displays Network Banner of Port
  • DNS Server Vulnerability: Cache Poisoning
  • DNS Server Vulnerability: Open Recursion
  • Checks for Badly Configured Proxy Servers
  • Finds List of Writable FTP Directories
  • FTP Anonymous Access Allowed
  • Checks for Weak SNMP Community Strings
  • Finds Weak SSL Ciphers

Google Hacking Database (GHDB)

  • Over 1200 Google Hacking Database Search Entries


My name is Nohman Habib and I am a web developer with over 10 years of experience, programming in Joomla, WordPress, WHMCS, vTiger and Hybrid Apps. My plan to start is to share my experience and expertise with others. Here my basic area of focus is to post tutorials primarily on Joomla development, HTML5, CSS3 and PHP.

Nohman Habib

