Compliant

Verified: Apr 19 2025

flypay.com.br

The domain above has successfully passed the security tests performed by Clone Systems, Inc. The details of each security scan passed are listed below.

Secure your online business and earn your own certified trust seal for $175 /year

PCI ASV Compliance

Passed

The website (URL) has successfully passed an approved security scan that's been authorized by all major credit card brands in accordance with the PCI DSS security standard. The passing result indicates that the site is secure to process credit card information and has adequate protection to do so.

The specific tests performed during the ASV scan include:

Firewalls and Routers

Evaluation of all network devices such as firewalls and external routers. If a firewall or router was used to establish a demilitarized zone (DMZ), these devices were included. The solution also tested for known vulnerabilities to detect whether the firewall or router was adequately patched.

Wireless Access Points

Detection of wireless access points visible from the Internet (over the wire) and detection of any known vulnerabilities and configuration issues.

Operating Systems

Verification that the operating system is patched against known exploits and detection of the version of the operating system and whether it is obsolete.

Web Servers

Tested for all known vulnerabilities and configuration issues on web servers and confirmed that directory browsing is not possible on the server.

Web Applications

Detection of current vulnerabilities and configuration issues (for example, OWASP Top 10, SANS CWE Top 25, etc.) including the following web application vulnerabilities and configuration issues:

  • Unvalidated parameters that lead to SQL injection attacks
  • Cross-site scripting (XSS) flaws
  • Directory traversal vulnerabilities
  • HTTP response splitting/header injection
  • Information leakage, backup script files, include file source code disclosure, insecure HTTP methods enabled, WebDAV or FrontPage extensions enabled, default web server files, testing and diagnostics pages

Application Servers

Detection of application servers and/or web application servers and detection of known vulnerabilities and configuration issues.

Common Web Scripts

Uncovering commonly found scripts such as common gateway interface (CGI) scripts, e-commerce related scripts, ASPs, PHPs, etc. and detection of any known vulnerabilities.

SSL/TLS

  • Detection of the presence and versions of cryptographic protocols on a component or service
  • Detection of encryption algorithms and encryption key strengths used in all cryptographic protocols for each component or service
  • Detection of signature-signing algorithms used for all server certificates
  • Detection and report on certificate validity, authenticity and expiration date
  • Detection and report on whether the certificate Common Name or wildcard matches the server hostname

Anonymous Key-Agreement Protocols

Discovery of cryptographic protocols or services which allow anonymous/non-authenticated cipher suites.

Embedded Links

Detection of embedded code from (or links to) domains or sources outside of the scan customer’s scope and confirmation that this code is obtained from a trusted source, and that the code is implemented securely.

Other Applications

Reporting on the presence of other applications and discovery of any known vulnerability and configuration issues.

Database Servers

Discovery of open access to databases from the Internet.

DNS Servers

Uncovering the presence of DNS servers, to detect any known vulnerability and configuration issues, including unrestricted DNS zone transfer, forward and reverse DNS lookups, etc.

Mail Servers

Identification of all mail servers and detection of any known vulnerabilities and configuration issues.

Virtualization Components

Identification of internet accessible hypervisors as well as known vulnerabilities and configuration issues with virtualized components.

Point-of-Sale (POS) Software

Detection of point-of-sale (POS) software and any known vulnerabilities.

Remote Access

Evaluation of remote access software and detection of any known vulnerability or configuration issues. Remote access software includes, but is not limited to: VPN (IPSec, PPTP), applications such as LogMeIn, GoToMyPC, pcAnywhere and VNC, Terminal Server, remote web-based administration, SSH, and Telnet.

Built-in Accounts

Detection of built-in or default accounts and passwords by concentrating on known built-in or default accounts using default passwords. Also, detection of services that are available without authentication (for example, services that require a username but do not require a password).

Common Services

Detection and reporting of common services known to have vulnerabilities.

Insecure Services

Detection of insecure services or industry-deprecated protocols (such as SHA-1) and/or services that transmit usernames and passwords as clear text (without encryption). None were found.

Backdoors/Malware

A comprehensive malware infection and backdoor discovery scan was performed against the underlying operating system and the pages of the website. The scan did not identify any instances of malware or the presence of rootkits, backdoors, and Trojan horse programs.
