Vulnerability scanning is NOT a PenTest
It’s important that the world knows that a vulnerability assessment is not a Penetration Test. We, as passionate practitioners, are concerned by the vast misrepresentation of PenTests within the market and the false sense of security they provide. Our goal is to give our customers clarity and understanding around all that we do, and to show that authentic Penetration Tests are valuable to organizations that may not be ready for services such as Continuous Adversary Emulation.
Even scoped testing can provide value...
BuddoBot’s Penetration Testing services are two-week, scoped services designed to deep dive into a particular external network range or application.
BuddoBot recognizes that not all organizations are ready for Continuous Adversary Emulation. We also understand that some companies require a deep dive into specific assets, like infrastructure, web, or mobile applications.
BuddoBot’s Penetration Testing service leverages our Offensive Security Engineers to identify vulnerabilities deeply embedded in these assets.
Key elements of our Penetration Tests
- Scoped/Planned testing
- External Infrastructure PenTest
- Web Application PenTest
- Offered à la carte and as a Continuous Package


External Infrastructure Penetration Testing
When handed an external network range, BuddoBot Offensive Security Engineers start with complete server and port level analysis.
Each identified service is checked for patch levels and CVEs, credentialed access, and misconfigurations based on the service. Special attention is given to:
- Remote administration services and protocols (VPN, SSH, RDP, FTP, IKE, ++)
- Technology administration web panels
- Cloud infrastructure configurations (Azure, GCP, AWS)
- Mail services (relays, OWA, O365)
- Known breached credentials
While penetration testing an external network range, BuddoBot Offensive Security Engineers will also perform unauthenticated web application penetration testing using the Web Application Penetration Testing methodology outlined below.
Web Application Penetration Testing
When hacking web applications, the gold standard is covering things like the OWASP Top Ten vulnerabilities, using the OWASP Testing Guide. While we do identify these vulnerabilities, we have developed an in-house methodology for application testing:
Identification and OSINT analysis of all components of the stack
- Server – Open ports and Services
- Web Server Software
- Application Framework
- Custom or COTS code (most applications)
- Application Libraries
- Server Integrations
Known CVE Analysis using our home-grown automation
Deep manual security assessment specifically in these areas
- Authentication
- Authorization
- Misconfiguration
- Persistent User Input
- Multiple User Levels
- Application Integration Functions
- Upload and Export Functions
- API Calls
- Admin Tools
- Dynamic Parameters/Paths
Comprehensive Content Discovery
- Historical Link Analysis
- Spidering
- Contextual Brute Force with recursion
- JavaScript Analysis (paths, parameters, de-obfuscation, libraries)
Thorough Input Analysis
- Reflected content analysis
- Fuzz testing (dynamic parameters, REST API functions, XML, JSON, URL Parsers, File Uploads) for XSS, SQLi, SSRF, SSTI, LFI, Command Injection, and more.
Logic, Authorization, and Access Control Issues
- Stage bypass
- No authorization access
- Limited user access
- Broken SSO configuration
- Testing abuse primitives in applications
And much, much more…
