Backup the website and install locally

We will first make a total backup of your website and install it locally to one of our servers. By doing this we make sure we can scan the total site without any dangers for the client. Scanning on live systems can get websites to crash and take the website offline.

Content Discovery

As you might guess, before identifying vulnerabilities in your website it is necessary to fully discover it. For this purpose we are using 2 different techniques: crawling (spidering) and hidden content discovery techniques.

Crawling

Crawling consist of 2 steps: first, we manually crawl your website to get content and after that we are using automatic crawling which is simply an automatic process done by our tools to get through links which your website has.

Hidden Content Discovery

Hidden content discovery is the process of identifying content which is not linked from visible content that you can browse. For this purpose, we use some general techniques such as name guessing and extrapolation from naming conventions detected in use within the web application. So, to sum it up, in order to discover content we first crawl it manually, then automatically and at the end we use some techniques to discover hidden content.

Auditing for Vulnerabilities

After getting all links your website has, we start implementing the second stage - auditing. In order to more efficiently explore functions that store and return user input, we carry out scans in 3 different stage: active, passive and JS ( JavaScript ) analysis.

Passive

In the passive stage, we are detecting such vulnerabilities which can be easily exposed just by analyzing requests and responses. We can refer to serialized objects in HTTP messages as an example of such vulnerabilities.

Active

in the active stage, issues, we are detecting can be grouped into the following: light, medium and intrusive active vulnerabilities. Light active issues are such type of vulnerabilities which can be identified even by making a very small number of pure requests. Cross-origin resource sharing can be considered to be an example of such issues.   Medium active issues are being detected by making requests that might be considered malicious ( for example, OS command injection ).   Finally By making requests that carry a higher risk of damaging the application data(for example SQL injection) we are detecting intrusive active issues.

JavaScript analysis

The last stage of scanning is JS analysis. In this phase vulnerabilities, we are detecting, can be identified by analyzing the JS that is executed by the web application on the client side. DOM-based cross-site scripting is one of the examples of these type of vulnerabilities.   In order to identify a wide range of DOM-based vulnerabilities, we are using 2 types of analysing: static and dynamic.   In the static analysis in order to identify the sources which can be controlled by an attacker JavaScript code is parsed to build an abstract syntax tree. In this phase we analyze code, find flows to identify ways via which malicious input can be easily transferred to dangerous places.   In dynamic analysis, at places that can be controlled by any attacker, payloads are injected into the DOM and JS is executed within the response. In addition, for purposes of achieving maximum code coverage, such mouse events as "in onclick" are created to interact with the page.