Keynix

Security Assessment

1. Web Service Scan

Our company will perform a scan of the website or web service to detect various types of vulnerabilities and security issues, including:

  • SQL Injections: Checking for vulnerabilities that allow the execution of harmful SQL queries, potentially compromising the database.
  • XSS (Cross-Site Scripting): Detecting vulnerabilities that allow attackers to inject malicious scripts into web pages, which then execute on the client side.
  • CSRF (Cross-Site Request Forgery): Checking for vulnerabilities that allow unauthorized actions to be performed on behalf of users.
  • Unprotected Directories: Identifying open directories or files on the server that shouldn’t be publicly accessible.
  • Data Leakage in HTTP Headers: Analyzing HTTP headers for sensitive information, such as server versions or paths to configuration files.
  • Outdated Software: Identifying the use of outdated or vulnerable software versions that could be exploited by attackers.

2. Extended API Scan (if documentation is provided)

Our company will perform an extended API scan to detect common vulnerabilities, including:

  • Authentication Issues: Checking if the API is properly configured for authentication.
  • Improper Use of Queries and Parameters: Ensuring that API calls are securely implemented and validated.
  • API Documentation vs. Implementation Discrepancies: Verifying if the API documentation matches the actual implementation.

We support popular formats such as OpenAPI and Swagger.

3. Third-Party Libraries and Component Analysis

Our company will automatically analyze the website to detect the use of third-party libraries and plugins, such as:

  • jQuery
  • Bootstrap
  • AngularJS
  • And others.

The tool will check for:

  • Outdated or vulnerable versions of these components.
  • Provide recommendations on updating or replacing these components.

4. HTTP Header Analysis

Our company will check the HTTP headers for key security settings to improve the overall security posture, including:

  • HSTS (HTTP Strict Transport Security): Protects against man-in-the-middle attacks by instructing browsers to use HTTPS exclusively.
  • CSP (Content Security Policy): Mitigates the risk of XSS attacks by enforcing secure content loading.
  • X-Content-Type-Options: Prevents attacks due to incorrect MIME type detection.

5. Report Generation

After completing the scan, our company will provide an automated report that includes:

  • A list of detected vulnerabilities with detailed descriptions.
  • Severity ranking for each vulnerability (e.g., low, medium, high).
  • Recommendations for remediating each identified issue.

6. Support for Authentication and Proxy

Our company supports various authentication methods to access protected resources, including:

Proxy Servers for scanning through network restrictions.

Basic, Digest, NTLM, Kerberos (Windows).

OAuthSSO (Single Sign-On) for checking integrations and third-party services.