NNTC will evaluate the adequacy of the application’s authentication control mechanism as it processes the identity of individuals or entities.
NNTC will evaluate the adequacy of the application’s session management control mechanism as it traces the activities performed by authenticated application users.
NNTC will evaluate the adequacy of the application’s input controls as the application processes inputs received from different interfaces and/or entry points.
NNTC will determine if it is possible to get information from the temporary Internet files, cookies and other application objects.
NNTC will determine the type of information that is transferred back to the user or stored in the client’s machine.
NNTC will assess the application based on other attacks, tampering methods, and manipulations commonly used by hackers.
Includes checks for the presence of the most critical vulnerabilities including the OWASP Top 10 vulnerabilities.
- Code Execution
- Buffer Overflows
- File Inclusion
- CRLF Injection
- Cross Frame Scripting (XFS)
- XPath Injection
- Insecure cookie flags
- URL redirection
- Remote XSL inclusion
- Cross Site Scripting in URI
Network layer testing
Includes checks for the presence of the most critical vulnerabilities.
- Outdated software
- Insecure/default configurations
- Default/weak passwords
- Absence or weak authentication mechanisms
- Deprecated protocols
- Information disclosure
- Code injection
- Denial of service
- Data encryption in network connections and other checks
Weak Server-Side Control
NNTC will evaluate the adequacy of the server-side controls.
Insecure Data Storage
NNTC will evaluate the adequacy of the in mobile application.
Insufficient Transport Layer Protection
NNTC will evaluate the adequacy of the transport layer protection security measure.
Unintended Data Leakage
Sometimes developers unknowingly reveal sensitive data through log files or through error messages.
Poor Authorization and Authentication
Often, access to resources held by sensitive activities is not properly authorized.
This allows an attacker to decrypt the data captured over the network.
NNTC will evaluate the adequacy of the server-side injection controls.
Security Decisions via Untrusted Inputs
NNTC will evaluate the adequacy of the application’s input controls.
Improper Session Handling
Such a flaw allows an attacker to steal the session of a legitimate user and perform malicious activity or steal user data.
Lack of Binary Protection
Lack of binary protection can result in the exposure of application code to the attacker.