Web Application VA_PT First Report_Sample
Uploaded by Neeraj singh

Web Application VA/PT

Report for
Application Name

Submitted to

<LOGO>

By:
VA/PT Team
Cyberops Infosec LLP

Attention: This document contains information from Cyberops Infosec that is confidential and privileged. The
information is intended for the private use of <Auditee Organization>. By accepting this document, you agree
to keep the contents in confidence and not copy, disclose, or distribute this without written request to and
written confirmation from Cyberops Infosec. If you are not the intended recipient, be aware that any disclosure,
copying, or distribution of the contents of this document is prohibited.

Total Pages: 14

Unauthorized copying or distribution without permission is strictly prohibited.


Cyberops Infosec LLP
Confidential

Project Details

Document Title: Security Assessment Report
Client: <AUDITEE ORGANIZATION>
URL/Target: URL
Scope: White Box / Black Box / Gray Box
Timeline (Start Date & End Date): DD/MM/YYYY to DD/MM/YYYY
Assessment Report Version: Penetration Testing V1.0
Report Submission Date: DD/MM/YYYY
Service Delivered: Vulnerability Assessment & Penetration Testing
VAPT Team Head:
VAPT Team Head's Contact:
Assigned Relationship Manager:
Relationship Manager's Contact:

Project Team

Name | Position | E-mail

Security Assessment Report 1



Contents

S.No.  Section                                                     Page
1      Introduction                                                3
2      Executive Summary                                           3
3      Purpose                                                     3
4      Vulnerability Assessment & Penetration Testing Methodology  4
5      Standards                                                   5
6      Tools                                                       5
7      Checklist                                                   5
8      Summary of Findings                                         6-7
9      Detail Report of Vulnerabilities                            8-9
10     Recommendation and Long Term Plan                           10
11     Annexure I                                                  11-13


Introduction
The purpose of the security assessment was to establish a baseline of the information that can be obtained about
the application and its assets. Specifically, we performed procedures to understand and assess the potential
vulnerabilities in the web application that is reachable from the Internet. Our findings from the application
security assessment are presented below.

Executive Summary
We recognize that even the best and most current information is of no value unless it is relevant and accessible
to the people it is meant to serve. The client tasked Cyberops Infosec with conducting a security assessment of
its web application, with the aim of reporting existing security weaknesses and providing recommendations to
rectify them. This Security Assessment Report evaluates the resources and controls in place to eliminate or
manage vulnerabilities that are exploitable by threats internal and external to the client's infrastructure. The
scope of this assessment was limited to the security controls applicable to the client's system environment.

The methodology used to conduct this security assessment is qualitative; no attempt was made to determine
annual loss expectancies, asset cost projections, or the cost-effectiveness of the recommended safeguards. The
approach draws on OWASP, SANS, Cyberops and other industry best practices used by security and audit
professionals.

The overall security categorization of the client's application is rated High in accordance with industry
standards. If the safeguards recommended in this assessment are not implemented, the result could be
modification or destruction of data, disclosure of sensitive information, or denial of service to the users who
depend on the application.

Purpose
The purpose of this security assessment is to evaluate the adequacy of the client’s application security. This
assessment provides a structured qualitative assessment of the operational environment. It addresses
sensitivity, threats, vulnerabilities, risks and safeguards. The assessment recommends cost-effective
safeguards to mitigate threats and associated exploitable vulnerabilities.


Vulnerability Assessment & Penetration Testing Methodology

Figure 1: Methodology of Penetration Testing


Standards

Tools
The following tools were used during the vulnerability assessment & penetration testing:

Information Gathering:
• Whois
• BlindElephant CMS scanner
• WhatWeb
• Shodan.io
• Dirsearch
• DirBuster

Scanning & Crawling:
• OWASP ZAP proxy
• Burp Suite
• w3af
• Vega

Vulnerability Scanning & Analysis:
• Live HTTP Headers
• Tamper Data
• Burp Suite
• HackBar

Checklist: Annexure I (Attached)


Summary of Findings:

Severity      Number of Findings
Critical      4
High          2
Medium        1
Low           1
Informative   1

Figure: Distribution of findings by severity (Critical 45%, High 22%, Medium 11%, Low 11%, Informative 11%)


Severity Level: Critical

For critical vulnerabilities, it is advised that you patch or upgrade as soon as possible, unless other mitigating
measures are in place. For example, a mitigating factor could be that the installation is not accessible from the Internet.

Severity Level: High

Vulnerabilities that score in the high range usually have some of the following characteristics:

• The vulnerability is difficult to exploit.


• Exploitation could result in elevated privileges.
• Exploitation could result in a significant data loss or downtime.

Severity Level: Medium

Vulnerabilities that score in the medium range usually have some of the following characteristics:

• Vulnerabilities that require the attacker to manipulate individual victims via social engineering tactics.
• Denial of service vulnerabilities that are difficult to set up.
• Exploits that require an attacker to reside on the same local network as the victim.
• Vulnerabilities where exploitation provides only very limited access.
• Vulnerabilities that require user privileges for successful exploitation.

Severity Level: Low

Vulnerabilities in the low range typically have very little impact on an organization's business. Exploitation of such
vulnerabilities usually requires local or physical system access.


Detail Report of Vulnerabilities

Vulnerability #1: Improper Session Handling

Severity: Critical

Description: Because the Hypertext Transfer Protocol (HTTP) is stateless, the server needs a mechanism outside
the protocol to remember previous interactions with a user. In web applications, a "session" is a data structure
stored on the server and associated with a specific user for a limited period. A session is typically initiated by
user authentication and terminated when the user logs out (or the session is otherwise ended). The session is
identified by a "session token" that is generated by the server and delivered to the browser as a cookie.

Proof of Concept:

Proof of Concept: 1

POC Image 1:


Proof of Concept: 2

POC Image 2:

Vulnerable Location: https://example.com

Impact: Because the session identifier is stored and transferred as a cookie, the cookie must be protected against
"session hijacking": anyone who learns the value of a session identifier that is currently in use can take over
that session from the legitimate user and compromise their account.

Remediation:

▪ Protect stored credentials: Passwords should be stored using a slow, salted password hash (e.g. bcrypt or
Argon2), not reversible encryption or a plain fast hash.
▪ Do not expose the session ID in the URL: Session IDs must not be carried in the URL (e.g. URL rewriting),
where they leak through server logs, Referer headers and browser history.
▪ Time out and invalidate sessions: Sessions should expire after a period of inactivity and after an absolute
lifetime, and must be invalidated on the server at logout, not merely cleared in the browser.
▪ Regenerate the session ID on login: A fresh session ID should be issued after successful authentication so
that an ID planted before login (session fixation) cannot be reused.
▪ Set cookie attributes: The session cookie should carry the Secure, HttpOnly and SameSite attributes.
▪ Do not send credentials over unencrypted connections: Passwords, session IDs and other credentials must
only be sent over TLS.
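The following is an added example, not code from the original report or from the auditee's application; it shows how the remediation items above fit together on the server side: an opaque random session identifier, regeneration on login, idle and absolute timeouts, invalidation on logout, and the cookie attributes. The in-memory store, the timeout values and the cookie name `sid` are assumptions chosen for illustration.

```python
"""Server-side session handling: opaque random identifier, regeneration on
login, idle and absolute timeouts, invalidation on logout, and a Set-Cookie
header that keeps the identifier off the URL and away from script."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

SESSION_COOKIE = "sid"        # cookie name: an assumption for this example
IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before the session is dropped (assumed policy)
ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on session lifetime regardless of activity (assumed policy)


@dataclass
class Session:
    user: Optional[str]       # None until the user authenticates
    created: float
    last_seen: float


class SessionStore:
    """In-memory store; a real deployment would back this with Redis or a database."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock                         # injectable for deterministic tests
        self._sessions: Dict[str, Session] = {}

    @staticmethod
    def _new_id() -> str:
        # 256 bits from the OS CSPRNG: not guessable, not derived from user data or time.
        return secrets.token_urlsafe(32)

    def create(self, user: Optional[str] = None) -> str:
        now = self._clock()
        sid = self._new_id()
        self._sessions[sid] = Session(user=user, created=now, last_seen=now)
        return sid

    def lookup(self, sid: str) -> Optional[Session]:
        """Return the live session for sid, or None if it is unknown or expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]                 # expired: forget it so it cannot be replayed
            return None
        s.last_seen = now
        return s

    def login(self, pre_auth_sid: Optional[str], user: str) -> str:
        """Bind a freshly generated id to the authenticated user.

        The pre-authentication id is discarded rather than upgraded, so an id
        planted by an attacker before login (session fixation) never becomes
        an authenticated session."""
        if pre_auth_sid is not None:
            self._sessions.pop(pre_auth_sid, None)
        return self.create(user=user)

    def logout(self, sid: str) -> None:
        """Server-side invalidation: clearing the cookie in the browser alone is not enough."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    """Attributes that keep the token off clear-text connections (Secure), away from
    document.cookie (HttpOnly) and out of most cross-site requests (SameSite)."""
    return f"Set-Cookie: {SESSION_COOKIE}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def clear_cookie_header() -> str:
    """Sent on logout alongside the server-side invalidation above."""
    return f"Set-Cookie: {SESSION_COOKIE}=; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create()
    sid = store.login(anon, "alice")
    print(set_cookie_header(sid))
    print("pre-auth id still valid after login?", store.lookup(anon) is not None)
    store.logout(sid)
    print("id still valid after logout?", store.lookup(sid) is not None)
```

The identifier is never placed in the URL and carries no user data; everything the application needs is looked up server-side from the store, so the only thing a hijacker could gain from the cookie value is limited by the timeouts and by logout invalidation.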


Recommendation
Summary
1. Remove unwanted files and pages from the production server.
2. Audit the web server periodically.
3. Implement proper session management (see Vulnerability #1).
4. Remove any user control over security-critical session parameters; hold and manage such state in
server-side sessions.
5. Implement strong development and release processes so that unapproved files cannot reach the
production environment.
6. Disable insecure HTTP methods (e.g. TRACE, and PUT/DELETE where they are not required).
7. Handle errors in code so that stack traces and internal details are never returned to the user.

Long-Term Action Plan

Cyberops Infosec LLP recommends the following action plan to enhance the long-term security posture at
<Auditee Organization>.

Actionable Item                                      Priority
Comprehensive Web Application Penetration Testing    High
Penetration Testing Service                          High
Source Code Analysis                                 High
Application Malware Scan                             Medium
Configuration Review & Hardening                     Medium
Network Malware Scan                                 Medium


Checklist
Information Gathering
Fingerprint Web Server Checked Secure
Review Webserver Metafiles for Information Leakage Checked Secure
Enumerate Applications on Webserver Checked Secure
Review Webpage Comments and Metadata for Information Leakage Checked Secure
Fingerprint Web Application Framework Checked Secure
Configuration and Deployment Management Testing
Test HTTP Methods Checked Secure
Test HTTP Strict Transport Security Checked Secure
Test X-Content-Type-Options Checked Secure
Test X-XSS-Protection Header Checked Secure
Test Content-Security-Policy Checked Secure
Test X-Frame-Options Checked Secure
Test RIA cross domain policy Checked Secure
Authentication Testing
Testing for Credentials Transported over an Encrypted Channel Checked Secure
Testing for default credentials Checked Secure
Testing for Weak lock out mechanism Checked Secure
Test remember password functionality Checked Secure
Testing for Browser cache weakness Checked Secure
Testing for Weak password policy Checked Secure
Testing for Weak security question/answer Checked Secure
Testing for weak password change or reset functionalities Checked Secure
Testing for Weaker authentication in alternative channel Checked Secure
Testing for Concurrent Login Checked Secure
Authorization Testing
Testing Directory traversal/file include Checked Secure
Hidden Directories Checked Secure
Testing for bypassing authorization schema Checked Secure
Testing for Privilege Escalation Checked Secure
Testing for Insecure Direct Object References Checked Secure
Session Management Testing
Testing for Bypassing Session Management Schema Checked Secure
Testing for Cookies attributes Checked Secure
Testing for Session Fixation Checked Secure
Testing for Exposed Session Variables (session Replay) Checked Secure
Testing for Cross Site Request Forgery Checked Secure
Testing for logout functionality Checked Secure
Test Session Timeout Checked Secure
Testing for Session puzzling Checked Secure

Data Validation Testing



Testing for Reflected Cross Site Scripting Checked Secure


Testing for Stored Cross Site Scripting Checked Secure
Testing for HTTP Verb Tampering Checked Secure
Testing for HTTP Parameter pollution Checked Secure
Testing for SQL Injection Checked Secure
Oracle Testing Checked Secure
MySQL Testing Checked Secure
SQL Server Testing Checked Secure
Testing PostgreSQL Checked Secure
MS Access Testing Checked Secure
Testing for NoSQL injection Checked Secure
Testing for LDAP Injection Checked Secure
Testing for ORM Injection Checked Secure
Testing for XML Injection Checked Secure
Testing for SSI Injection Checked Secure
Testing for XPath Injection Checked Secure
IMAP/SMTP Injection Checked Secure
Testing for Code Injection Checked Secure
Testing for Local File Inclusion Checked Secure
Testing for Remote File Inclusion Checked Secure
Testing for Command Injection Checked Secure
Testing for Buffer overflow Checked Secure
Testing for Heap overflow Checked Secure
Testing for Stack overflow Checked Secure
Testing for Format string Checked Secure
Error Handling
Analysis of Error Codes Checked Secure
Analysis of Stack Traces Checked Secure
Cryptography
Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection Checked Secure

Testing for Padding Oracle Checked Secure


Testing for Sensitive information sent via unencrypted channels Checked Secure
Business logic Testing
Test for Process Timing Checked Secure
Test Number of Times a Function Can be Used Limits Checked Secure
Test Upload of Unexpected File Types Checked Secure
Test Upload of Malicious Files Checked Secure
Client-Side Testing
Testing for DOM based Cross Site Scripting Checked Secure
Testing for JavaScript Execution Checked Secure
Testing for HTML Injection Checked Secure
Testing for Client Side URL Redirect Checked Secure

Testing for CSS Injection Checked Secure


Testing for Client Side Resource Manipulation Checked Secure
Test Cross Origin Resource Sharing Checked Secure
Testing for Clickjacking Checked Secure
Test Web Messaging Checked Secure
Test Local Storage Checked Secure
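As an added example, not part of the original report or of any tool listed in it, the following script performs several of the checklist items above offline on a captured HTTP response: HTTP Strict Transport Security, X-Content-Type-Options, X-Frame-Options, Content-Security-Policy, and the cookie attributes from the session management section. The two sample responses are constructed for the example, not captured from any target, and the one-year HSTS threshold is an assumed policy.

```python
"""Audit a raw HTTP response for the header and cookie checks named in the checklist."""
from typing import Dict, List, Tuple

HSTS_MIN_MAX_AGE = 31536000   # one year: assumed threshold for this example


def parse_response(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw response into its status line and (lowercased name, value) pairs.
    Headers stay in a list because Set-Cookie legitimately repeats."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def hsts_max_age(value: str) -> int:
    """max-age directive of an HSTS header, or -1 if absent or malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return -1
    return -1


def csp_findings(value: str) -> List[str]:
    directives: Dict[str, List[str]] = {}
    for d in value.split(";"):
        tokens = d.strip().split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    findings = []
    if "default-src" not in directives:
        findings.append("CSP: no default-src fallback")
    script_src = directives.get("script-src", directives.get("default-src", []))
    if "'unsafe-inline'" in script_src:
        findings.append("CSP: script-src allows 'unsafe-inline'")
    return findings


def cookie_findings(set_cookie: str) -> List[str]:
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    name = parts[0].partition("=")[0]
    attrs: Dict[str, str] = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    findings = []
    if "secure" not in attrs:
        findings.append(f"cookie {name}: missing Secure")
    if "httponly" not in attrs:
        findings.append(f"cookie {name}: missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"cookie {name}: SameSite not Lax/Strict")
    return findings


def audit(raw: str) -> List[str]:
    _status, headers = parse_response(raw)
    single: Dict[str, str] = {}
    findings: List[str] = []
    for name, value in headers:
        if name == "set-cookie":
            findings.extend(cookie_findings(value))
        else:
            single.setdefault(name, value)      # first value wins for non-repeating headers
    hsts = single.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    elif hsts_max_age(hsts) < HSTS_MIN_MAX_AGE:
        findings.append("Strict-Transport-Security: max-age below one year")
    if single.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: not 'nosniff'")
    if single.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options: missing or permissive")
    csp = single.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        findings.extend(csp_findings(csp))
    return findings


# Constructed sample responses for the example; not captured from any real target.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "\r\n<html></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self'; frame-ancestors 'none'\r\n"
    "Set-Cookie: sid=tok; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(resp) or ["no findings"])
```

Feed it the raw response saved from Burp Suite or ZAP for each checklist item rather than relying on a single page: headers are often set per route, and a secure landing page says nothing about the authenticated area.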
