About me:
I'm an ethical hacker and a security consultant with a vast amount of experience in securing applications and infrastructure for large organizations. I am capable of identifying and fixing the OWASP Top 10, SANS/CWE 25, and all other frequently exploited vulnerabilities. I am proficient in conducting automatic and manual security testing using tools like Burp Suite, Metasploit, and Nessus. Please refer to my profile to get the complete list of skills.
Plan:
Phase 1: Penetration Testing
1. DAST Assessment (black-box testing with no knowledge of the code):
- Analysis using Burp Suite Professional and OWASP ZAP for web applications.
- Manual testing in accordance with the WSTG 4.2 and MSTG standards.
- OWASP Top 10 check.
- Network and service scanning with port scanners such as Nmap and Masscan.
- Use of other Kali Linux tools such as Metasploit, sqlmap, and XSSer as required.
2. SAST Assessment (white-box testing with full knowledge of the code):
- Code scan and analysis using CodeQL, SonarQube, Fortify, VCP, etc.
- SANS/CWE Top 25 check.
- Manual analysis based on the OWASP Code Review Guide.
Phase 2: Remediation
3. Compiled Report:
- Vulnerabilities discovered.
- The impact and severity of each vulnerability.
- Evidence of the bugs.
- Recommendations.
4. Remediation:
- Remediation of the vulnerabilities identified.
- Implementing security checks for the future.
- Re-verification of the reported vulnerabilities.
Pen-testing Methodology:
I usually follow the OWASP (Open Web Application Security Project) testing guidelines for penetration testing, as they are well documented and convenient to explain to clients. But I am flexible and can work with other methodologies as required.