Through the analysis of vulnerabilities in web applications, the aim is to detect the greatest number of possible vulnerabilities according to the OWASP reference framework, which refers to the most common vulnerabilities in the industry, contemplating vulnerability scenarios such as:

A1 – Injection

A2 – Loss of Authentication

A3 – Exposure of sensitive data

A4 – XML External Entities (XXE)

A5 – Loss of Access Control

A6 – Incorrect Security Configuration

A7 – Cross Site Scripting (XSS)

A8 – Insecure Deserialization

A9 – Components with known vulnerabilities

A10 – Insufficient Recording and Monitoring

Said service will allow you to have a global panorama of the vulnerabilities detected automatically, on the evaluated applications, in the same way, thanks to the experience and qualified personnel that work in the consulting team, a detailed analysis will be carried out, to rule out possible false positives. that the tool can generate.

Infrastructure vulnerability analysis

The infrastructure vulnerability analysis service seeks to detect known and reported vulnerabilities at the level of outdated services, ports, operating systems, mishandling of users, etc. Seeking in this way to have a panorama of risk on the infrastructure to be analyzed.

In the vulnerability analysis service, impact and risk assessment mechanisms are used for the detected vulnerabilities, categorizing each one of them, according to the NIST international standard, based on CVSS version two or higher.