PENETRATION testing

real testing not just scans

Vulnerability scanning is NOT a PenTest

It’s important that the world knows that a vulnerability assessment is not a Penetration Test. We, as passionate practitioners, are concerned by the vast misrepresentation of PenTests within the market and the false sense of fortitude they are providing. Our goal is to give our customers clarity and understanding around all that we do, and to show that authentic Penetration Tests are valuable to organizations that may not be ready for services such as Continuous Adversary Emulation.

Even scoped testing can provide value...

BuddoBot’s Penetration Testing services are two-week, scoped services designed to deep dive into a particular external network range or application.

BuddoBot recognizes that not all organizations are ready for Continuous Adversary Emulation. We also understand that some companies require a deep dive into specific assets, like infrastructure, web, or mobile applications.

BuddoBot’s Penetration Testing service leverages our Offensive Security Engineers to identify vulnerabilities deeply embedded in these assets.

Key elements of our Penetration Tests

  • Scoped/Planned testing
  • External Infrastructure PenTest
  • Web Application PenTest
  • Offered à la carte and as a Continuous Package

External Infrastructure Penetration Testing

When handed an external network range, BuddoBot Offensive Security Engineers start with complete server and port level analysis.

Each identified service is checked for patch levels and CVEs, credentialed access, and misconfigurations based on the service. Special attention is given to:  

  • Remote administration services and protocols (VPN, SSH, RDP, FTP, IKE, and more)
  • Technology administration web panels
  • Cloud infrastructure configurations (Azure, GCP, AWS)
  • Mail services (relays, OWA, O365)
  • Known breached credentials

While penetration testing an external network range, BuddoBot Offensive Security Engineers will also perform unauthenticated web application penetration testing using the Web Application Penetration Testing methodology outlined below.

Web Application Penetration Testing

When hacking web applications, the gold standard is covering things like the OWASP Top Ten vulnerabilities, using the OWASP Testing Guide. While we do identify these vulnerabilities, we have also developed an in-house methodology for application testing:

Identification and OSINT analysis of all components of the stack

  • Server – Open ports and Services
  • Web Server Software
  • Application Framework
  • Custom or COTS code (most applications)
  • Application Libraries
  • Server Integrations

Known CVE Analysis using our home-grown automation

Deep manual security assessment specifically in these areas

  • Authentication
  • Authorization
  • Misconfiguration
  • Persistent User Input
  • Multiple User Levels
  • Application Integration Functions
  • Upload and Export Functions
  • API Calls
  • Admin Tools
  • Dynamic Parameters/Paths

Comprehensive Content Discovery

  • Historical Link Analysis
  • Spidering
  • Contextual Brute Force with recursion
  • JavaScript Analysis (paths, parameters, de-obfuscation, libraries)

Thorough Input Analysis

  • Reflected content analysis
  • Fuzz testing (dynamic parameters, REST API functions, XML, JSON, URL Parsers, File Uploads) for XSS, SQLi, SSRF, SSTI, LFI, Command Injection, and more.

Logic, Authorization, and Access Control Issues

  • Stage bypass
  • No authorization access
  • Limited user access
  • Broken SSO configuration
  • Testing abuse primitives in applications

And much, much more….