Next Gen Security Testing Services

WordPress Security Scan

Ensure that exploitable vulnerabilities are found early, and verify that remediation is effective.

A WordPress Security Scanner tool to discover vulnerabilities in your web application, with OWASP security checks for malware, vulnerabilities and other flaws.

Cyber Legion is a one-stop-shop solution for all security stakeholders to ensure that their businesses are well guarded against security issues and cyber attacks. One security platform for all your company's security threats, risks, vulnerabilities and engagements.

WordPress Security Scanner

Better vulnerability discovery to find common vulnerabilities that affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues and vulnerable or unpatched plugins and themes.

The WordPress Vulnerability Scanner is a tool to quickly assess the security of a web application. It is a full web application scanner, capable of performing comprehensive security assessments against any type of web application.


Security Scanner Checklists

  • Fingerprint web server software

  • Analyze HTTP headers for security misconfiguration

  • Check the security of HTTP cookies

  • Check the SSL certificate of the server

  • Check if the server software is affected by known vulnerabilities

  • Check whether a client access file exists, and if it contains a wildcard entry (clientaccesspolicy.xml, crossdomain.xml)

  • Discover server configuration problems such as Directory Listing

  • Check if HTTP TRACK/TRACE methods are enabled

  • Crawl website

  • Check for SQL Injection

  • Check for XSS (Cross-Site Scripting)

  • Check for LFI & RFI (Local File Inclusion and Remote File Inclusion)

  • Check for OS Command Injection

  • Check for Cookieless Cross-Site Scripting

  • Check for SSRF (Server-Side Request Forgery)

  • Check for Open Redirect

  • Check for Code Injection

  • Check for JavaScript Code Injection

  • Check for outdated JavaScript libraries

  • Find admin and sensitive pages

  • Check for sensitive files (archives, backups, certificates, key stores) based on hostname and some common words

  • Check interesting files / functionality

  • Check for information disclosure issues

  • Check for encryption issues

  • Check for commented code/debug messages


Security Scanning Workflow – How it Works?

Onboarding to the Secure Client Portal

All Cyber Legion's services are delivered via Web Secure Client Portals.

You can start the scanning process by submitting the "Scan Now" form or by signing up for a free account using the Secure Client Portal. You can also get in touch and the Cyber Legion team will create an account for you.

Digital Signature for the NDA & Scanning Agreements

Our Web Client Portal is integrated with digital signature, which enables us to sign the required NDA and agreement and to legally engage and perform security scanning on the target systems.

Security Testing Engagement

We meet agreed SLAs and follow security scanning Framework checklists. You provide the goals, scope, and rules of engagement. We start and deploy scanning right away.

The security testing will start based on the scoping document and approval.

Vulnerability Discovery & Validation

Based on the engagement, our engineering team will leverage our scanner capabilities and start scanning. 

The status of all scanning phases and related findings will be updated in real time, and you will receive updates and alerts for all steps performed and completed throughout scanning.

Findings, Reporting & Remediation

All security scanning results will be available in real time on our Secure Web Portal which will give you clear visibility on the uncovered vulnerabilities.

Along with the reporting of our findings, we provide you with an extensive set of recommendations to support senior executives and IT/Dev/Engineering teams to implement mitigation and remediation.

We help you accelerate the remediation process for all findings by providing you with specific technical details, testing methodologies, and other actionable insights.

All data is available for visualization, analytics, tracking and reporting inside the Web Portal, or for export via an online ticketing system. This helps eliminate any obstacles in the remediation process through expert advice from Cyber Legion security researchers.

Cutting edge technology features are available via the Secure Client Portal.

Retesting & Validation of Remediation

Our security testing includes free rescanning and validation to confirm whether the issue has been fixed or the mitigations have been implemented.

Continuous Vulnerability Discovery

You can choose various security testing services for continuous vulnerability discovery and validation, all delivered via the Secure Client Portal.

Frequently Asked Questions – FAQs

You must send the request along with the message related to the target scope for the Subscription Package you are interested in, or request a custom offer.

We will take care of answering you in a very short time and setting up your Subscription. From there you will receive by email all the steps to follow as well as the Invoice, the Contract and the NDA – Non-disclosure Agreement.

Once we’ve completed all of these steps and obtained your approval for the targets that are within the scope of the scan / test, we can arrange the schedule according to the specified time frame. 

A target is a system that we can scan/test using our tools.

e.g. web app, application repository, mobile app, IP, etc.

Security scanning, or vulnerability scanning, can mean many different things, but it can be simply described as scanning the security of a website, web-based program, network, or file system for either vulnerabilities or unwanted file changes.

The WordPress Security Scanner is a scanning method that examines an application as it’s running to find vulnerabilities that an attacker could exploit.

This scanning method can help to find certain vulnerabilities in web applications while they are running in production.

Cyber Legion focuses on a modular security testing approach that includes commercial, open source and custom testing scripts that can be run against targeted assets during the full product development lifecycle, from design to production, and in complete sync with the client's processes and technology stack.

Using a Secure Client Portal, the latest and most advanced security tools and a commitment to innovation, we ensure that our clients continually benefit from Professional Cyber Services to detect, prevent and respond to threats and cyber attacks.

We follow precise testing checklists and framework guidelines (OWASP, SANS, NIST, CREST, etc.) that ensure complete coverage of the security assessment.

Once we have completed all the scans/tests, we'll ingest all the discovery data into the Web Portal (2nd Portal) so that you can Analyze, Prioritize, View, Track, Report and Fix any detected vulnerability.

Important: We'll need to whitelist your IP addresses to be able to access the Portal.

Our Professional Security Engineers perform the scans and tests and provide you with all the resulting data through the web portal.

Vulnerability testing is an essential part of mitigating your organization's security risks. By using vulnerability scanners to identify the points of weakness in your systems, you can reduce the attack surface that criminals might exploit, focusing your security efforts on the most likely targeted areas.

Identifying and Fixing vulnerabilities will help you improve your security defenses for not just your business but your staff, clients, customers, and partners.

  • Identify weaknesses
  • Prevent attacks
  • Protect sensitive data
  • Protect reputation
  • Avoid fines and ransom costs

Unauthenticated Scan

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues on exposed services. It does not log in to the system and therefore does not run the more detailed checks that are only possible when using local administrative user credentials.

Authenticated Scan

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues by logging into the host as an administrative user. This performs a much more detailed review and covers patch checking and configuration issues for the unexposed services on the host. If you wish to check the patching levels of all systems across your network, an authenticated test would be the best option.

The Scanner is able to scan the target web application as an authenticated user. You can provide us with authentication credentials in several ways:

  • User/Password Authentication: When this option is chosen, the scanner will first try to authenticate to the provided login URL and obtain a valid session cookie. This cookie will be used with all the HTTP requests done to the server, performing an authenticated scan. You have the option to check if the authentication was successful before actually starting the scan.
  • Cookie Authentication: With this option you can specify an already valid session cookie (or multiple cookies) that will be sent with each HTTP request to the server. You have to first get the session cookie by manually logging into your target application with a web browser and transferring the cookie from the browser to the scanner (copy/paste).
  • Headers Authentication: This option allows you to specify custom HTTP headers that will be sent with each request to the target application. These can be used for authentication (e.g. JWT tokens, Basic Authentication, etc.) or for other specific application functionality. 

Our specialized team of security professionals holds industry qualifications such as CREST, OSCP, CISSP, CISM and CEH, and cloud security certifications such as AWS, Azure, GCP, etc.

We are an SC Cleared team and combine this with many years of industry experience at the highest level, working across all industry sectors. We are skilled hands-on engineers with a clear track record of implementing, running and managing security testing programs across various organizations.

This statement refers to Cyber Legion services that are delivered through Web Client Portals.

→ Web Portal 1 – Features & Capabilities 

  • Private & Secure Client Portal
  • NDA, Contract & Digital Signature
  • Estimates, Invoices & Payments
  • Work Request Scheduler
  • Client File Upload/Download
  • Complete Project Management Solution
  • Private meeting & messaging

 

→ Web Portal 2 – Features & Capabilities

  • Private & Secure Client Portal
  • Client Workspace
  • Real Time Finding Analytics & Statistics
  • Assets & Vulnerability Details
  • Artefacts & Attack Path
  • Engagement & Testing Reporting

 

You can start for free by registering your account on the Secure Client Portal and benefit from a large array of services, all at your fingertips.

Our scanner sends an average of up to 10,000 HTTP requests. This may trigger alarms from IDS devices, but you should know that it is not a destructive scan.

Discover, Analyze, Prioritize, Track, Visualize & Report


Explore our CSaaS platform

Easily access Cyber Legion's industry-leading security capabilities