Application Testing
Companies are using more complex applications than ever before, and with increased complexity come greater threats and more vulnerabilities.
Application testing finds technical vulnerabilities such as SQL injection, cross-site scripting and back-end authentication issues, as well as business risks such as unauthorised logins.
A small sample of the application tests we regularly perform includes:
Shopping Basket Test
Malicious interference with shopping baskets is a potential risk to all e-commerce sites. ProCheckUp tests the entire process to ensure that payment methods and procedures cannot be compromised and are not susceptible to manipulation.
Access Controls Testing
Access controls such as authenticated login can represent a massive risk to companies if there are any vulnerabilities surrounding the process. ProCheckUp reviews the entire process to ensure users cannot bypass the access controls required.
ProCheckUp can use a set of credentials from the client to assess whether a user can manipulate their privileges, subvert the application, cause denial of service or disrupt any services.
Session Testing
Authenticated Session Testing - ProCheckUp Ltd uses a set of credentials to assess whether an authenticated user can traverse between accounts and hijack a legitimate session, and whether cookies can be used to gain access and privileges.
The combination of expert manual testers and the automated ProCheckNet technology allows us to locate any potential risks. After the test has been completed, the customer is provided with a detailed report that lists vulnerabilities and threats and grades the threats using a traffic light system. This method makes reports as clear and concise as possible, ensuring the biggest risk is highlighted immediately and can be mitigated accordingly.
We recently performed an application test on a large commercial site that required login authentication; however, we found that authenticated functionality could be reached without using the login. Read the full case study here.
