Beyond Penetration Testing
We ensure that your API, its supporting backend infrastructure and its authentication are secure.
We understand your API through multiple rounds of interactions in the pre-engagement process, and then we identify your core competencies. We perform quick code analysis and study your documentation for both regular users and admin users. We understand “valid request data” through known-good parameter values and the order of function calls.
We fully map the API, listing all methods and functionality at the start of an assessment. We model security threats before initiating any security assessments. We analyze ASMX files, help docs, etc. to ensure we map your API correctly.
Entersoft's white hat hackers will perform source code analysis on your app to find exceptions. We perform extensive source code analysis (based on CERT secure coding standards) to identify sensitive information like hard-coded keys and code blocks that are vulnerable to exploitation.
Vulnerability Analysis – We follow the REST OWASP cheat sheet in the OWASP API Security Project. As a part of exploitation, our white hats will try to exploit the vulnerabilities identified during the static and dynamic analysis phase and see the extent of losses that are possible through the identified bugs. We provide the required steps to reproduce each bug.
Most critical security loopholes arise due to business logic flaws. Business logic flaws in tandem with standard security threats can cause major losses to organizations. We run comprehensive tests on your important business logic that could adversely affect your security.
We provide a comprehensive API security assessment report that’s understandable by your dev team. We work with your team to fix the identified loopholes.