octogence profile
Octogence Technologies Pvt. Ltd
INFORMATION SECURITY PROVIDERS
www.octogence.com
Octogence is an Information Security service provider which focuses on business-centric
security assessment. Our aim is to help organizations be more secure in cyberspace
so that they can stop worrying about data breaches and focus on their business.
India Location
Qualified Team
Hybrid Approach
About Us
India
New Delhi
Companies/Products in which our team has previously discovered vulnerabilities
Findings
How can you benefit from PenTesting?
With PenTesting
• Prevent Hacking Attacks
• Provide secure Environment
• Maintain Business Continuity
• Avoid Data Corruption & Leakage
• Build Customer Trust
• Security Compliance
Without PenTesting
• Elevated Security Risk
• Intellectual Property Loss
• Loss of Reputation & Trust
• Business Continuity Breakdown Risk
• Financial loss in Cyber-Attack Recovery
• Data Confidentiality & Availability Risk
Penetration testing is the process of simulating a managed and controlled attack on the IT infrastructure of an organization from an attacker’s perspective.
Services
Since its establishment, the company has been serving the needs and requirements of customers all over the world. With its professional approach to customer service, vast experience and economical prices, the company is the preferred choice for the information security needs of any organization.
Penetration Testing Services
• Web Application Penetration Testing
• Mobile Application Penetration Testing
• Network Penetration Testing
Using commercial scanners, custom scripts, manual testing and efficient open-source tools we test for
exploitable vulnerabilities which could allow unauthorized access to key assets of the organization.
Web Application Penetration Testing
Some attacks against websites
• Steal database containing sensitive information
• Takeover the host running the website
• Redirect visitors to malicious site
• Deface and host illegal content
• Hijack user sessions
Our Process Includes
• Understanding the Application Flow
• Identifying the technologies
• Managed Active Scan
• Manual Assessment
• OWASP Top 10 vulnerabilities
• Logical Flaws
• Advanced Attacks
Mobile Application Penetration Testing
Our Process Includes
• Understand application working
• Identifying application permissions
• Manual Testing
• OWASP Mobile Top 10 vulnerabilities
• Logical Flaws
• Server Pentesting (optional)
• Vulnerability Patch Support
Attackers can exploit Mobile Application to
• Abuse device permissions
• Hijack user session
• Sniff sensitive information
• Steal user credentials
• Bypass process flow
Network Penetration Testing
An attacker who has successfully exploited a network may
• Expand further into the organization network
• Utilize the victim network to infiltrate other networks
• Steal critical and confidential data
• Install malware and backdoors
• Access partner network
Our Process Includes
• Information Gathering
• Threat Modelling
• Vulnerability Assessment
• Exploitation
• Post Exploitation
• Vulnerability Patch Support
Methodology
To serve our clients with their security testing requirements we follow a multi-step process. Using this process we perform a managed assessment of the client environment which provides overall coverage and allows us to deliver an actionable report in a timely fashion.
• Pre-Engagement Interaction: Understand client requirements
• Intelligence Gathering: Collect relevant target information
• Threat Modelling: Identify assets and threats to them
• Vulnerability Assessment: Discovering the flaws
• Exploitation: Gain access utilizing flaws discovered
• Post-Exploitation: Determine asset value
• Reporting
How to choose the right penetration testing service for your company?
How much coverage and customization is available?
Is the testing done using automated tools only or also utilizes manual effort?
What is the deliverable and in what manner?
How updated and relevant is the testing approach?
Actionable Reporting
Business Logic Testing
Automate + Manual
Screenshots
Recommendations
Re-validation
Zero False Positive
Customized Testing
Schedule Anytime
Octogence Value Proposition
Setup
• No Installation required
• Actionable Report
Service
• Customized service
• Focused on Business Logic
Support
• Patch support
• Vulnerability revalidation
Vulnerabilities Coverage Includes *
OWASP Top 10
• Injection
• Broken Authentication and Session Management
• Cross-Site Scripting (XSS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Access Control
• Cross-Site Request Forgery (CSRF)
• Using Components with Known Vulnerabilities
• Unvalidated Redirects and forwards
SANS/Mitre Top 25
• SQL Injection
• OS Command Injection
• Classic Buffer Overflow
• Cross-site Scripting
• Missing Authentication
• Missing Authorization
• Use of Hard-coded Credentials
• Missing Encryption of Data
• Unrestricted Upload of File
• Reliance on Untrusted Inputs
• Execution with Unnecessary Privileges
• Cross-Site Request Forgery
• Path Traversal
• Download of Code Without Integrity Check
• Incorrect Authorization
• Inclusion of Functionality from Untrusted Control Sphere
• Incorrect Permission Assign
• Use of Potentially Dangerous Function
• Use of a Broken or Risky Cryptographic Algorithm
• Incorrect Calculation of Buffer
• Improper Restriction of Excessive Authentication Attempts
• Open Redirect
• Uncontrolled Format String
• Integer Overflow
• Use of a One-Way Hash without a Salt
Business Logic
• Price Tampering
• Bypass Validation
• Coupon Reuse
• CAPTCHA Bypass
• Negative Amount Transfer
• Email Spoofing
• Keys/Tokens Reuse
• Order Out-of-Stock Item
• Payment gateway Bypass
• Misuse Forget Password
* Depending upon scenarios
Octogence Technologies Pvt. Ltd
11th Floor, DCM Building
16, Barakhamba Rd
New Delhi, Pin- 110001
India
+91 11-43720712
+91-9971773414
www.octogence.com