Firewalls can neither detect nor block attacks against modern web applications. We offer professional web penetration testing, critical vulnerability scanning, and comprehensive remediation services.

Web Security

Attackers leverage relatively simple vulnerabilities to gain access, hold data to ransom, and sell or leak your company’s most valuable information.

Over 60% of small and medium-sized enterprises go out of business within 6 months after the compromise occurs.

We look past the hardened network perimeter and endpoints and assess exploitability within the context of web applications and web browsers, to gain access before the cybercriminals do.

GIAC Certified Systems and Network Auditor

Our Services

Vulnerability Scanning

We identify new vulnerabilities using our enterprise-grade web application vulnerability scanners.

Penetration Testing

We manually exploit security risks and vulnerabilities present in your environment before cybercriminals do.

Source Code Review

We uncover many security issues that can only be found by inspecting application source code.

Security Architecture

We review and provide recommendations on proposed as well as existing system & software designs.

Software Development

We help shape your development efforts, improving code quality and minimising security bugs.

Secure Servers

We combine our cross-disciplinary expertise to build and maintain high-assurance server instances.

Issues We Address

SecurityStreak offers professional web penetration testing, critical vulnerability scanning, and comprehensive remediation services.

We find, help fix, and prevent security bugs & human error using advanced manual techniques and state-of-the-art automation.

We are active users of, and contributors to, professional industry standards.

Authentication attacks

  • Account recovery flaws
  • Captcha bypass
  • Complete bypass
  • Password guessing
  • Race condition flaws
  • Remember me flaws
  • Two factor bypass
  • User enumeration
  • User impersonation

Client side attacks

  • Clickjacking
  • DOM XSS
  • Flash vulnerabilities
  • HTML5 vulnerabilities*
  • Java vulnerabilities
  • Mutation XSS
  • Pastejacking
  • Reflected File Download
  • Silverlight vulnerabilities
  • Windowjacking

* HTML5 (LocalStorage, CORS, Web Sockets, SSE, Messaging, Geo Location, Canvas Screenshots)

Data security flaws

  • Insecure data storage
  • Insecure data transfer

Data validation flaws

  • Buffer overflows
  • Code injection
  • Command injection
  • Cross site flashing
  • HTTP parameter pollution
  • HTTP splitting/smuggling
  • LDAP injection
  • MX injection
  • ORM injection
  • Reflected or Non-Persistent XSS
  • Relative path overwrite XSS
  • Remote file inclusion
  • SQL injection
  • SSI injection
  • Stored or Persistent XSS
  • Unvalidated redirects & forwards
  • XML injection
  • XPath injection

Session attacks

  • Complete bypass
  • Cookie scope flaws
  • Cross-Site Request Forgery
  • Exposed variables
  • Improper error handling
  • Session fixation
  • Session termination flaws

Authorization attacks

  • Complete bypass
  • Direct object references
  • Horizontal privilege escalation
  • Local file inclusion
  • Logic flaws
  • Path traversal
  • Vertical privilege escalation

Configuration flaws

  • Application configuration flaws
  • Cross site tracing
  • Default credentials
  • Exposed admin interfaces
  • Exposed services
  • File upload flaws
  • Improper error handling
  • Infrastructure configuration flaws
  • Insecure HTTP methods
  • Insecure HTTPS implementation
  • Old, backup and unreferenced files

Denial of Service attacks

  • BPEL flooding
  • BPEL state deviation
  • Cryptography DoS
  • Oversized XML DoS
  • Regular Expression DoS
  • Resource allocation DoS
  • SOAP array attack
  • SOAP parameter DoS
  • SQL wildcard DoS
  • User lockout DoS
  • XML Entity Expansion DoS
  • XML Entity Reference attack
  • XML External Entity DoS
  • XML flooding
  • XML signature DoS

Information Exposure

  • Exposed admin interfaces
  • Exposed services
  • Improper error handling
  • User enumeration

Web API attacks

  • Action spoofing
  • Adaptive Chosen-Ciphertext attack
  • Backward-compatibility attacks
  • CGI vulnerabilities
  • File upload attacks
  • Information disclosure
  • Injection attacks
  • JSON-RPC attacks
  • Man-in-the-middle attacks
  • Replay attacks
  • REST attacks
  • SOAP attacks
  • XML injection
  • XML signature attacks
  • XML-RPC attacks
  • XPath injection

Free Consultation

We take on projects worldwide; all inquiries remain confidential.

We look forward to hearing from you:

askanything@securitystreak.com

+1 (760) 946 6428

Onsite services are available near:

  • New York, NY
  • Chicago, IL
  • Madison, WI
  • Minneapolis, MN

Protect your communications further by using our GPG key.