SOW - VAPT LeadSquared
To
Anuraag Gorty Contact No. 9703904334
Leadsquared
Indusface Contact
Channdan Raath VP-SOUTH Mob:9741430712
Indusface
HQ: A/2-3, 3rd Floor, Status Plaza,
Opp. Relish Resort, Atladara Old Padra Road,
Vadodara-390020, Gujarat
PRODUCT SUITES:
RISK PROTECTION:
• APPTRANA FOR WEBSITES & APPLICATIONS - WEB APPLICATION & API PROTECTION (WAAP) PLATFORM WITH INTEGRATED SCANNER, WAF, DDOS & BOT MITIGATION SOLUTION AND WEBSITE ACCELERATION THROUGH CDN
• APPTRANA FOR APIS - INDUSTRY’S FIRST RISK BASED API PROTECTION PLATFORM WITH INTEGRATED API SCANNER, WAF, DDOS & BOT MITIGATION SOLUTION & DISCOVERY OF SHADOW APIS
• SSL CERTIFICATES - PUBLICLY TRUSTED DIGITAL CERTIFICATES FOR WEBSITES. POWERED BY ENTRUST DATACARD
RISK DETECTION:
• INDUSFACE WAS FOR MOBILE APPLICATIONS - DYNAMIC APPLICATION SECURITY TESTING (DAST) PLATFORM FOR MOBILE APP RISK ASSESSMENT
• INDUSFACE WAS FOR API - DYNAMIC APPLICATION SECURITY TESTING (DAST) PLATFORM FOR API RISK ASSESSMENT
1. SCOPE
Indusface WAS Advance provides continuous web application scanning to detect and report application vulnerabilities. Offered as an independent SaaS product, it helps discover and manage OWASP Top 10 vulnerabilities and malware risks by reporting them consistently on our dashboard in real time.
With blacklisting and defacement detection, it ensures that your public-facing application is not hacked and your brand reputation is not damaged. Indusface WAS Advance is easy to deploy and covers multiple security demands, including vulnerability assessment, application auditing, and malware monitoring.
Indusface proposes the Premium Plan of our solution Indusface WAS to <Company Name> for <x> applications.
FEATURES
• Guided Scans can be enabled to ensure automated scans reach pages that other scans cannot. The details will be collected by the Indusface team as and when needed
• Extensive manual penetration testing checks to discover application-specific business logic vulnerabilities
• Expert vetting of vulnerabilities ensures removal of any potential false positives found through automated scanning
Malware Monitoring
• Ongoing monitoring of malware attack vectors and of the sophistication of newly discovered malware that has been effectively used and deployed by hackers
• Also detects dead or inactive malware by monitoring external JavaScript and hidden iframes placed on an application
Blacklisting Detection
Defacement Detection
• Indusface WAS Premium continuously checks your application for changes and detects possible defacement
• Daily defacement checks protect the brand, credibility and reputation of an organization
Informative Dashboard
• Comprehensive synopsis of reported vulnerabilities and malware along with support options in predefined report formats
• Customized reporting feature allows a user to create custom reports based on desired fields and format
Authenticated Scans
• Scans behind authenticated pages are part of the scope. Authentication details should be provided when the site is on-boarded
OWASP Top 10
OWASP 1
• SQL Injection
• Insecure Direct Object Reference
OWASP 5
• Security misconfiguration (unused pages, unprotected files/folders), webserver and OS vulnerabilities
• Secure Communication, API authentication, Data formats, Access control, Injection attack in API
Indusface Defined Checks
• Password Auto-Complete
• Service enumeration
• Port scanning
• Network device related vulnerabilities
• Hidden iframe detection
• Malicious file can be uploaded on the server
• Check HTTP Methods, Check for Cookie Attributes
• Application specific vulnerabilities (SSH, POP, SMTP, FTP, etc.)
Logical Checks
• Abuse of Functionality
• Insufficient Authentication
• Bypass Authentication
• Insufficient process validation
• Server side validation
• Insufficient Anti-automation
• Email ids can be harvested for spamming
• Insufficient password recovery
• Application does not display last login time
Malware Monitoring
• Malware infection detection to application users
• Suspicious activity (including Zero day) happening on the application
• Application redirects user to blacklisted URL
• Malicious obfuscated JavaScript execution alert
• Website blacklisting status as reported by Google, McAfee, Norton, PhishTank etc.
• Website defacement detection
Application-specific business logic checks are carried out by security experts. These experts shall undergo a walkthrough of the web application to understand its functionality and the various threat scenarios before a business logic test can be performed.