Delivering cybersecurity services such as web application vulnerability assessments and penetration tests within Canada:

Application Assessments:

We simulate attacks on your applications (web, API, mobile, point-of-sale systems, kiosks) by testing for flaws which can be leveraged by attackers to steal, leak, misuse or abuse sensitive information or services.

  • Vulnerability or penetration tests for custom-built applications

  • Authenticated or unauthenticated attack scenario perspectives

  • Using primarily manual techniques (and some automation, where applicable)

  • Using both dynamic analysis (DAST) and static analysis (SAST)

Some Common Application Flaws We Test For:

  • Identification, authentication and authorization flaws

  • Session management flaws (e.g. session hijacking)

  • OAuth 2.0 authentication vulnerabilities

  • Misconfiguration and deployment flaws

  • Integration misconfiguration flaws (e.g. third-party components)

  • Captcha bypass, 2FA bypass, rate limit bypass or WAF bypass

  • Insecure 'registration', 'remember me', or 'forgot password' functionality

  • Input or injection flaws (e.g. SSRF, command injection, HTTP parameter pollution)

  • Insecure design flaws

  • Flaws in payment functionality flows

  • Cryptographic misuses or errors

  • File upload vulnerabilities

  • Unintended application leakage from application usage or misuse

  • Client-centric vulnerabilities (e.g. XSS, clickjacking)

  • Business logic flaws and targeted edge cases

  • Account takeover and privilege escalation via chaining of multiple vulnerabilities

Our Process

We have a simple three-step process to get started with our cybersecurity assessment services:

1. Tell us your security needs

Onsite, if local, or via a virtual meeting, we learn about your business and your security needs, along with the type of security testing of interest and the potential scope. We will go over our general engagement approach, such as methodology, tooling, and possible attack scenarios, and discuss how we may be able to help.

2. We perform the work

This is where we perform the assessment, strictly within scope, using vetted tools and approaches, and being mindful of the operational impact on your environment. Many of us have previously held operations roles, so we understand that hitting systems too hard, triggering a vast number of alerts, or locking out admins adds negative value. Depending on the type of testing, we adjust our approach so as to maximize value, yet produce as safe a test as possible.

3. We deliver a report and presentation

The final work product is a report with an executive summary and technical details discussing methodology, tooling, vulnerabilities discovered and attacks leveraged. The report will provide a clear description of security risk, likelihood, impact, and remediation steps. A final presentation is scheduled once you’ve had time to review the final report to discuss vulnerability findings.