Secure and protect your website against hackers !!!
I suggest you secure your adult or mainstream websites as much as possible, and for that a security audit and an intrusion application is required!
Scan + application security intrusion testing on service provision contract only.
-> Full Pentest web + Server audit => $3,223
Working time: 2 weeks (10 days)
Payment deadline:
1. 50% of total prior to starting work
2. 30% after the submission of reports
3. 20% after a new test
Validity of price for 30 days after signing the contract.
Objective
A successfully delivered Service will address the following issues:
Identify existing vulnerabilities at application, system and network level.
Arrange identified vulnerabilities based on their severity rating.
Provide recommendations on related risks mitigation.
Methodology:
Resource audit is carried out by "BlackBox" and includes the following:
∙ Passive information collection;
∙ Defining the Web environment;
∙ Platform Identification;
∙ Determine the type of CMS;
∙ Port scanning;
∙ Collection of banners / search public exploits;
∙ Automatic scanning;
∙ Data analysis;
∙ Load test;
∙ Manual analysis in passive mode;
∙ Information analysis;
∙ Analysis of the attack vectors;
∙ Acknowledgement attack vectors;
∙ Reporting.
Actions :
∙ Vulnerability Scan server components;
∙ Search for vulnerabilities in web server environment;
∙ Check on the remote execution of arbitrary code;
∙ Overflow (buffer etc.);
∙ Check for code injection;
∙ Attempts to circumvent the authentication web resource;
∙ Check the web resource for the presence of XSS / CSRF vulnerabilities;
∙ Attempts to intercept privileged accounts (or the accounts of the session);
∙ Attempts to Remote File Inclusion / Local File Inclusion;
∙ Check components with known vulnerabilities;
∙ Check for redirection to other sites and open redirects;
∙ Scan directories and files, using brute force and «google hack»;
∙ Analysis of the search forms, registration forms, login forms, etc.;
∙ Checks the resource open to the possibility of obtaining confidential and sensitive information.
∙ Race condition;
∙ Bruteforce.
Network:
· Probe (or surveillance). Data gathering.
· Denial of service. This is really the consequence of an attack.
· R2L (remote to local), i.e., unauthorized access from a remote machine.
· U2R (user to root), i.e., unauthorized transition to root for an unprivileged user, privilege escalation.
· Data. This is meant to represent attacks whose goal is to obtain and extract (“exfiltrate”) confidential files from a system.
Web:
· A1 Injection ;
· A2 Broken Authentication and Session Management;
· A3 Cross-Site Scripting (XSS);
· A4 Insecure Direct Object References;
· A5 Security Misconfiguration ;
· A6 Sensitive Data Exposure ;
· A7 Missing Function Level Access Control ;
· A8 Cross-Site Request Forgery (CSRF);
· A9 Using Components with Known Vulnerabilities;
· A10 Unvalidated Redirects and Forwards.
THE REPORT MUST CONTAIN THE IDENTIFIED VULNERABILITIES, DISTRIBUTED BY LEVEL OF CRITICALITY AND FEASIBILITY AND RECOMMENDATIONS, COMPLIANCE INFORMATION SECURITY.
Any intrusion test will only be made after a service contract has been duly signed by both parties, and for management reasons the settlement will be made only via PayPal.
I remain at your disposal for any additional information on:
Skype => mtg-multimedia
mail: prestaseo519[at]gmail[dot]com
__________________
“We waste time looking for the perfect lover, instead of creating the perfect love.”
― Tom Robbins