octogence profile

Octogence Technologies Pvt. Ltd INFORMATION SECURITY PROVIDERS www.octogence.com

Upload: octogence

Post on 19-Feb-2017


TRANSCRIPT

Page 1: Octogence Profile

Octogence Technologies Pvt. Ltd INFORMATION SECURITY PROVIDERS

www.octogence.com

Page 2: Octogence Profile

Octogence is an Information Security service provider which focuses on business-centric security assessment. Our aim is to help organizations be more secure in cyberspace so that they stop worrying about data breaches and can focus on their business.

India Location

Qualified Team

Hybrid Approach

About Us

India

New Delhi

Page 3: Octogence Profile

Companies/Products in which our team has previously discovered vulnerabilities

Findings

Page 4: Octogence Profile

How can you benefit from PenTesting?

With PenTesting

• Prevent Hacking Attacks
• Provide Secure Environment
• Maintain Business Continuity
• Avoid Data Corruption & Leakage
• Build Customer Trust
• Security Compliance

Without PenTesting

• Elevated Security Risk
• Intellectual Property Loss
• Loss of Reputation & Trust
• Business Continuity Breakdown Risk
• Financial Loss in Cyber-Attack Recovery
• Data Confidentiality & Availability Risk

Penetration testing is the process of simulating a managed and controlled attack on the IT infrastructure of an organization from an attacker’s perspective.

Page 5: Octogence Profile

Penetration Testing Services

Mobile Application Penetration Testing

Since its establishment, the company has been serving to meet the needs and requirements of customers all over the world. With its professional approach to customer service, vast experience and economical prices, the company is the preferred choice for the information security needs of any organization.

Services

Web Application Penetration Testing

Network Penetration Testing

Using commercial scanners, custom scripts, manual testing and efficient open-source tools, we test for exploitable vulnerabilities which could allow unauthorized access to key assets of the organization.

Page 6: Octogence Profile

Web Application Penetration Testing

Some attacks against websites

• Steal database containing sensitive information
• Takeover the host running the website
• Redirect visitors to malicious site
• Deface and host illegal content
• Hijack user sessions

Our Process Includes

• Understanding the Application Flow
• Identifying the technologies
• Managed Active Scan
• Manual Assessment
• OWASP Top 10 vulnerabilities
• Logical Flaws
• Advanced Attacks

Page 7: Octogence Profile

Mobile Application Penetration Testing

Our Process Includes

• Understand application working
• Identifying application permissions
• Manual Testing
• OWASP Mobile Top 10 vulnerabilities
• Logical Flaws
• Server Pentesting (optional)
• Vulnerability Patch Support

Attackers can exploit a Mobile Application to

• Abuse device permissions
• Hijack user session
• Sniff sensitive information
• Steal user credentials
• Bypass process flow

Page 8: Octogence Profile

Network Penetration Testing

An attacker who has successfully exploited a network may

• Expand further into the organization network
• Utilize the victim network to infiltrate other networks
• Steal critical and confidential data
• Install malware and backdoors
• Access partner network

Our Process Includes

• Information Gathering
• Threat Modelling
• Vulnerability Assessment
• Exploitation
• Post Exploitation
• Vulnerability Patch Support

Page 9: Octogence Profile

Methodology

To serve our clients with their security testing requirements we follow a multi-step process. Using this process we perform a managed assessment of the client environment which provides overall coverage and allows us to deliver an actionable report in a timely fashion.

• Pre-Engagement Interaction: Understand client requirements
• Intelligence Gathering: Collect relevant target information
• Threat Modelling: Identify assets and threats to them
• Vulnerability Assessment: Discovering the flaws
• Exploitation: Gain access utilizing flaws discovered
• Post-Exploitation: Determine asset value
• Reporting

Page 10: Octogence Profile

How to choose the right penetration testing service for your company?

How much coverage and customization is available?

Is the testing done using automated tools only, or does it also utilize manual effort?

What is the deliverable and in what manner?

How up to date and relevant is the testing approach?

Page 11: Octogence Profile

Actionable Reporting

Business Logic Testing

Automated + Manual

Screenshots

Recommendations

Re-validation

Zero False Positive

Customized Testing

Schedule Anytime

Page 12: Octogence Profile

Octogence Value Proposition

Setup

• No Installation required

• Actionable Report

Service

• Customized service

• Focused on Business Logic

Support

• Patch support

• Vulnerability revalidation

Page 13: Octogence Profile

Vulnerabilities Coverage Includes *

OWASP Top 10

• Injection
• Broken Authentication and Session Management
• Cross-Site Scripting (XSS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Access Control
• Cross-Site Request Forgery (CSRF)
• Using Components with Known Vulnerabilities
• Unvalidated Redirects and Forwards

SANS/Mitre Top 25

• SQL Injection
• OS Command Injection
• Classic Buffer Overflow
• Cross-site Scripting
• Missing Authentication
• Missing Authorization
• Use of Hard-coded Credentials
• Missing Encryption of Data
• Unrestricted Upload of File
• Reliance on Untrusted Inputs
• Execution with Unnecessary Privileges
• Cross-Site Request Forgery
• Path Traversal
• Download of Code Without Integrity Check
• Incorrect Authorization
• Inclusion of Functionality from Untrusted Control Sphere
• Incorrect Permission Assign
• Use of Potentially Dangerous Function
• Use of a Broken or Risky Cryptographic Algorithm
• Incorrect Calculation of Buffer
• Improper Restriction of Excessive Authentication Attempts
• Open Redirect
• Uncontrolled Format String
• Integer Overflow
• Use of a One-Way Hash without a Salt

Business Logic

• Price Tampering
• Bypass Validation
• Coupon Reuse
• CAPTCHA Bypass
• Negative Amount Transfer
• Email Spoofing
• Keys/Tokens Reuse
• Order Out-of-Stock Item
• Payment gateway Bypass
• Misuse Forget Password

* Depending upon scenarios

Page 14: Octogence Profile

Octogence Technologies Pvt. Ltd
11th Floor, DCM Building
16, Barakhamba Rd
New Delhi, Pin- 110001
India

[email protected]

+91 11-43720712

+91-9971773414

www.octogence.com