CVE-2021-21327: Remotely triggering execution of your PHP objects in GLPI
Our team discovered a vulnerability, CVE-2021-21327, in GLPI, a popular open-source ITSM and Service Center software. The vulnerability allows an attacker to remotely trigger certain initialization code.
This network pentest type focuses on finding the following classes of vulnerabilities in your internal network:
Our detailed report outlines each issue identified with steps to reproduce, as well as how several issues could be chained in more powerful attacks.
An external network pentest analyzes your network's exposure to external attackers on the Internet. It is well suited to understanding the risks of your public-facing services/hosts or DMZ networks.
During our pentests we rely on the OWASP and OSSTMM methodologies. While we employ some automated tools and scanners, we mostly perform manual expert penetration testing: this approach proves to be the most practically valuable.
While black-box is one of the options we provide, from the efficiency point of view we lean toward the grey-box type with a reasonable amount of input.
A kick-off meeting to agree on the scope, inputs and communication
Pentesting (2-4 weeks, depending on the scope)
The final report that highlights the identified vulnerabilities
Please contact us, and we will send you a sample network pentest report.
We will combine innovative pentest tactics and our experience to analyze your software for exploitable vulnerabilities and strengthen your security posture. Iterasec ensures:
By cooperating with Iterasec, you get compliance with PCI, HIPAA, SOC2,3, OWASP, and more, an independent evaluation of your software and infrastructure security, and increased software quality thanks to avoiding critical security vulnerabilities.
Please tell us what you are looking for, and we will happily support you in that.
Feel free to use our contact form or contact us directly.