do not stop your business operations

Security Testing for Web/SaaS Platforms

We aim to prevent threats and manage technological risk by ensuring compliance with international standards and best information security practices.

Contact Us

Colorlib Template
Colorlib Template
Colorlib Template
Colorlib Template
Colorlib Template

Our approach

Unlike conventional penetration testing services, we leverage our own botnet to perform security tests. This enables us to expand the attack surface and discover security flaws faster while keeping highly competitive prices. This methodology is useful to bypass different kinds of IP blocking measures like brute force protection, API rate limiting based on IP or WAF based IP blacklisting.

Attack and support nodes:

An attack node is where all our connections to the target server are generated. Support nodes were created to provide passive detection.

Yappo experts:

Our penetration testers manage the botnet coordinating the analysis, creating specific tasks and assess each attack result.

Reporting:

This process occurs simultaneously with the other three and documents all findings at the same time that they are detected, preventing of wasting time at the end of the penetration testing analysis.

0 Projects
0 Issues found
0 Cup Of Coffee
0 Happy Customers

Publications

CVE-2008-2069 - GroupWise 7.0 mailto: scheme buffer overflow

The scheme "mailto" is vulnerable if one takes as default mail client to GroupWise, the fault is to implement the scheme followed by an extensive argument and this causes the buffer overflow. This brings the consequence that can overwrite the EIP and is able to execute arbitrary code. The result with a debbuger us what reveals.

CVE-2007-6534 - Microsoft Office Publisher

It was found two ways to cause a denial of service on the Microsoft Office Publisher, this is done by creating a malformed file with specific characteristics.

CVE-2009-2654 - URL spoofing bug involving Firefox's error pages

The bug is caused when an user tries to open a url with a invalid char, in this time, you can edit the error page, and make a "spoof". This not would be important because when you make the spoof the "invalid web" is loading all time, but as firefox allow that you call the "stop" method of other page you can stop this.

Contact Us

Send us a message to info@yappo.net and we will contact you shortly.

Address

2105 Vista Oeste St Nw, Suite E-1337, Albuquerque, NM 87120, United States.

Contact Number

+1 (505) 317-3157

Email Address

info@yappo.net

Website

www.yappo.net