Next Gen Security Testing Services

Next Gen Security Testing Services

WordPress Security Scan

Ensure that exploitable vulnerabilities are found early, and verifies that remediation is effective.

WordPress Security Scanner tool to discover vulnerability in your Web Application. OWASP Security checks to check for malware, vulnerabilities and other flaws.

Cyber Legion is a One stop-shop solution for all security stakeholders to ensure that their businesses are well guarded against security issues and cyber attacks. One Security platform for all your company security threats, risks, vulnerabilities and engagements.

WordPress Security Scanner

Better vulnerability discovery to find common vulnerabilities which affect web applications. SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues and vulnerable/unpatched plugins and themes.

The WordPress Vulnerability Scanner is a tool to quickly assess the security of a web application. It is a full web application scanner, capable of performing comprehensive security assessments against any type of web application.

AWS Security Testing

Security Scanner Checklists

  • Fingerprint web server software

  • Analyze HTTP headers for security misconfiguration

  • Check the security of HTTP cookies

  • Check the SSL certificate of the server

  • Check if the server software is affected by known vulnerabilities

  • Check whether a client access file exists, and if it contains a wildcard entry (clientaccesspolicy.xml, crossdomain.xml)

  • Discover server configuration problems such as Directory Listing

  • Check if HTTP TRACK/TRACE methods are enabled

  • Crawl website

  • Check for SQL Injection

  • Check for XSS Cross-Site Scripting

  • Check for LFI & RFI, Local File Inclusion and Remote File Inclusion

  • Check for OS Command Injection

  • Check for Cookieless Cross-Site Scripting

  • Check for SSRF Server Side Request Forgery

  • Check for Open Redirect

  • Check for Code Injection

  • Check for JavaScript Code Injection

  • Check for outdated JavaScript libraries

  • Find admin and sensitive pages

  • Check for sensitive files (archives, backups, certificates, key stores) based on hostname and some common words

  • Check interesting files / functionality

  • Check for information disclosure issues

  • Check for encryption issues

  • Check for commented code/debug messages

  • Check for commented code/debug messages

Security Scanning Workflow – How it Works?

Onboarding to the Secure Client Portal

All Cyber Legion's services are delivered via Web Secure Client Portals.

You can start the scanning process by submitting the "Scan Now" form or sign up for a Free account using the Secure Client Portal. You can get in touch and Cyber Legion team will create an account for you. 

Digital Signature for the NDA & Scanning Agreements

Our Web Client Portal is integrated with Digital Signature, that enables us to sign the required NDA, agreement and to legally engage and perform security scanning on the target systems. 

Security Testing Engagement

We meet agreed SLAs and follow security scanning Framework checklists. You provide the goals, scope, and rules of engagement. We start and deploy scanning right away.

The security testing will start based on the scoping document and approval.

Vulnerability Discovery & Validation

Based on the engagement, our engineering team will leverage our scanner capabilities and start scanning. 

The status of all scanning phases and related findings will be updated in real time, and the you will receive updates and alerts for all steps performed and completed throughout scanning.

Findings, Reporting & Remediation

All security scanning results will be available in real time on our Secure Web Portal which will give you clear visibility on the uncovered vulnerabilities.

Along with the reporting of our findings, we provide you with an extensive set of recommendations to support senior executives and IT/Dev/Engineering teams to implement mitigation and remediation.

We help you accelerate the remediation process for all findings by providing you with specific technical details, testing methodologies, and other actionable insights.

All data is available for visualization, analytics, tracking and reporting inside the Web Portal or to export via online ticketing system. This helps eliminate any obstacles in the remediation process through expert advice from Cyber Legion security researchers.

Cutting edge technology features are available via the Secure Client Portal.

Retesting & Validation of Remediation

Our security testing includes a Free rescanning and validation to confirm if the issue has been fixed or the mitigations have been implemented.

Continuous Vulnerability Discovery

You can choose various security testing services for continuous vulnerability discovery and validation. All delivered via the Secure Client Portal

Frequently Asked Questions – FAQ’s

You must send the request along with the message related to the targets scope for the Subscription Package you are interested in or request a custom offer.

We will take care of answering you in a very short time and setting up your Subscription. From there you will receive by email all the steps to follow as well as the Invoice, the Contract and the NDA – Non-disclosure Agreement.

Once we’ve completed all of these steps and obtained your approval for the targets that are within the scope of the scan / test, we can arrange the schedule according to the specified time frame. 

A target is a system that we can scan/test using our tools.

e.g web app, application repository, mobile app, IP etc

Security scanning, or vulnerability scanning, can mean many different things, but it can be simply described as scanning the security of a website, web-based program, network, or file system for either vulnerabilities or unwanted file changes.

The WordPress Security Scanner is a scanning method that examines an application as it’s running to find vulnerabilities that an attacker could exploit.

This scanning method can help to find certain vulnerabilities in web applications while they are running in production.

Cyber Legion focus on modular security testing approach that include commercial, open source and custom testing scripts that can be run against targeted assets during the product full development lifecycle from design to production and in complete synch with client’s processes and technology stack.

Using a Secure Client Portal, the latest and most advanced security tools and commitment to innovation, we ensure that our clients continually benefit from Professional Cyber Services to detect, prevent and respond to threats & cyber attacks.

We follow precise testing checklists and Frameworks guidelines  that ensures a complete coverage of the security assessment. OWASP, SANS, NIST, CREST etc

Once we have completed all the scans/tests, we’ll ingested all the discovery data in the Web Portal (2nd Portal) so that you can Analyze, Prioritize, View, Track, Report and Fix any detected vulnerability.

Important: We’ll need  to whitelist your IP addresses to be able access the Portal.

Our Professional Security Engineers perform the scans and tests and provide you with all the resulting data through the web portal.

Vulnerability testing is an essential part of mitigating your organization’s security risks. By using a vulnerability scanners to identify the points of weakness in your systems, you can reduce the attack surface that criminals might exploit, focusing your security efforts on the most likely targeted areas.

Identifying and Fixing vulnerabilities will help you improve your security defenses for not just your business but your staff, clients, customers, and partners.

  • Identify weaknesses
  • Prevent attacks
  • Protect sensitive data
  • Protect reputation
  • Avoid fines and ransom costs

Unauthenticated Scan

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues on exposed services. It does not login to the system, therefore does not run more detailed checks that would only be possible when using local administrative user credentials.

Authenticated Scan

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues, by logging into the host as an administrative user. This performs a much more detailed review and covers patch checking and configuration issues for the unexposed services on the host. If you wished to check all patching levels of systems across your network, an authenticated test would be the best option.

The Scanner is able to scan the target web application as an authenticated user. You can provide us with authentication credentials in several ways:

  • User/Password Authentication: When this option is chosen, the scanner will first try to authenticate to the provided login URL and obtain a valid session cookie. This cookie will be used with all the HTTP requests done to the server, performing an authenticated scan. You have the option to check if the authentication was successful before actually starting the scan.
  • Cookie Authentication: With this option you can specify an already valid session cookie (or multiple cookies) that will be sent with each HTTP request to the server. You have to first get the session cookie by manually logging into your target application with a web browser and transferring the cookie from the browser to the scanner (copy/paste).
  • Headers Authentication: This option allows you to specify custom HTTP headers that will be sent with each request to the target application. These can be used for authentication (e.g. JWT tokens, Basic Authentication, etc.) or for other specific application functionality. 

Our specialized team of security professionals hold industry qualifications such as CREST, OSCP, CISSP, CISM, CEH and Cloud security certification such as AWS, azure, GCP etc.

We are a SC Cleared team combine this with many years of industry experience at the highest level working across all industry sectors. We are skills hands-on engineers with clear track record of implementing, running managing security testing programs across various organizations.

This statement refers to Cyber Legion services that are delivered through Web Client Portals.

→ Web Portal 1 – Features & Capabilities 

  • Private & Secure Client Portal
  • NDA, Contract & Digital Signature
  • Estimates, Invoices & Payments
  • Work Request Scheduler
  • Client File Upload/Download
  • Complete Project Management Solution
  • Private meeting & messaging

 

→ Web Portal 2 – Features & Capabilities

  • Private & Secure Client Portal
  • Client Workspace
  • Rea Time Finding Analytics & Statistics
  • Assets & Vulnerability Details
  • Artefacts & Attack Path
  • Engagement & Testing Reporting

 

You can Start for Free by register your account on the Secure Client Portal and benefit of a large are of services, all at your fingerprints.

Our scanner sends and average of up to 10,000 HTTP requests. This may trigger alarms from IDS devices but you should know that it is not a destructive scan.

Discover, Analyze, Prioritize, Track, Visualize & Report

- Penetration Testing Services- Penetration-Testing-Findings

Discover Vulnerabilities that Matters

  • Understand your organizational risk profile

    Identify your attack surface and protect is based on business impact. Make security investments that count.

  • Focus on what matters

    Discover every Vulnerability that Matters. Scale your security testing from zero to hundreds and never miss a test deadline again.

  • Gain visibility into your organizational risks and vulnerable assets

    Identify hackers’ complete attack routes to sensitive business assets and highlight cybersecurity issues.

  • Measure, track, and improve your cybersecurity maturity

    Enhance your risk prevention capabilities, see how they evolve over time, and evaluate how they hold up against your industry competitors.

  • Optimize your security testing processes

    You deserve to find all the vulnerabilities that affect your Organization. Using the latest and most advanced security tools and commitment to innovation, we ensure that our clients continually benefit from Professional Cyber Services to detect, prevent and respond to threats & cyber attacks.

Discover every Vulnerability that Matters
Risk Mitigation & Optimization

Benefits With Our Testing Services

  • Take advantage of technology, AI & HI

    Get the power of technology, artificial and human intelligence to simplify the vulnerability discovery and remediation processes & timelines.

  • Manage your organization's security vulnerabilities

    Identify and manage your organization’s security vulnerabilities via the Secure Client Portal. Next generation security testing based on modular scripts, machine learning, human intelligence and client requirements.

  • Take control of your Security Testing and Monthly costs

    Looking for alternative solutions to protect your Organization. you could own a complete solution of Next Gen Security Testing Services

  • Get ready to protect your Organization

    We helps businesses focus on what they do best while we conduct continues security testing to protect their Organizations to remain resilient against Cyber Attacks and Data Breaches.

  • Take control of your company's assets

    Incorporate your company’s assets, web application, mobile, application, API, IoT devices, or network components into the Cyber Legion platform and benefit from ongoing information and cyber security services.

  • Take off your Security concerns

    CyberCrime can have a significant negative impact on your business if proper precautions are not taken to prevent it.

Why Choose Cyber Legion

Client Testimonials

Cyber Security Automation
Very Good Work Shown By This Company To Solve Cyber Problems

We contracted Cyber ​​​​Legion to do some security testing for our new web applications and APIs and we were very pleased with the results and the vulnerabilities they found, some serious flaws! I received access to the portal where I worked with the team. All details were clearly reported and we have received full support until all vulnerabilities were fixed.

I Tentis

Founder & CEO Ecobild

Get Started Today & Improve your Business Security Posture

We Help Companies to Avoid Data Breaches

Test every asset in your business and apply the most appropriate measures (controls) to mitigate risks.

Protect Your Business Assets From Hackers

Find and fix your vulnerabilities before attackers do. Take action before there is a problem. Master the most common security vulnerabilities now.

Can you have an Efficient Cyber Security Program?

Cyber ​​​​Legion is ready to provide you with a continuous and consistent security testing service that leverages our platform with the help of security researchers and smart technology. We recommend to find and fix vulnerabilities before attackers exploit them and breach happen.