White Paper

Security Testing Tools:

Experiences and
Recommendations
- A CIgniti Insight

The Average security breach can cost a company anywhere

between $90 and $305 per lost record, according to a new
study from Forrester research.

Abstract
This white paper is an incorporation of inputs from Cigniti’s
Security Testing team and is designed to help you understand
the types of Security Testing, their requirement and the tools
that enable testing. In addition, the white paper explains
scenarios which affect the security of an IT system. The white
paper aims to predict, prevent and address the security issues
with testing approaches that improve overall resilience.

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 The Need for Security Testing

The new age enterprises face a relentless onslaught of

security challenges ranging from DDoS attacks, Database
compromises, unauthorized entry, breach of access control,
login flaws and vulnerabilities across sessions, multiple
authentications, caches etc.

Security is one area which needs constant reinforcements,

meticulous assessment and a one step ahead approach
to minimize the scope of error. Hence, security testing is a
combination of offensive procedures backed by CEHs and
strategic reviews which block and cement the IT system
against threats, inherent as well as directed. Security testing
is a combination of attacks like fault injections, assessment of
vulnerable areas like the presence of redundant, readable and
downloadable files on a web server. The combination of test
approach depends on the size, scope and the coverage of the
IT system.

55%
OF IT PRACTITIONERS LACK A FORMAL
STRATEGY TO GOVERN MOVING DATA

61%
OF ORGANIZATIONS SAY DATA THEFT
AND CYBERCRIME ARE THE GREATEST
THREATS TO THEIR REPUTATION

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 Configuration Management Security Testing
Often analysis of the network infrastructure and web application architecture can
reveal a good amount of information such as source code, HTTP methods permitted,
administrative functionality, authentication methods, infrastructural configurations
etc. In the present scenario, the complex interconnected and heterogeneous web
server infrastructure - which can count hundreds of servers - makes configuration
management review and validation a fundamental step in testing. The application
penetration test should include the checking of how infrastructure was deployed and
secured. While the application may be secure, a small aspect of the configuration
could still be at a default install stage and vulnerable to exploitation.

Testing for Configuration Management usually includes

ƒƒ Usage of strong cipher algorithm and its proper implementation
ƒƒ Security of DB listener port and component web servers, database servers,
authentication servers, software versions and
their associated vulnerabilities THE AVERAGE SECURITY
BREACH CAN COST A
ƒƒ Default configuration of the application and its
COMPANY BETWEEN
associated vulnerabilities
ƒƒ File extension handling configuration
ƒƒ Presence of redundant, readable and
$90 & $305
downloadable files on a web server PER LOST RECORD,
ƒƒ Admin functionality usage by authorized users ACCORDING TO A NEW
STUDY FROM RESEARCH.
ƒƒ Configuration of HTTP methods and its
associated vulnerabilities

Sample Scanning Tools

A list of scanning tools that can identify vulnerabilities related to configurations are
as follows:

Vulnerability Open Source /

Commercial Tools
Type Free Tools
W3AF, Nessus, IBM AppScan, WebInspect, Cenzic Hailstorm,
Application
Sandcat, Skipfish, Acunetix, Sandcat, Jsky, Netsparker, Grendel
Configuration
arachni, oedipus, iScan, Scan, ParosPro, Webcruiser, Web Injection
Weakness
N-Stalker, WSTool Scanner
W3AF, Nessus,
IBM AppScan, WebInspect, Cenzic Hailstorm,
Sandcat, arachni, ZAP,
HTTP Methods Acunetix, Sandcat, Jsky, Netsparker,
Oedipus, Andiparos,
and XST Burpsuite, Vega, Grendel Scan, ParosPro,
Watobo, Jsky,
Paros Proxy, iScan
N-Stalker, Skipfish
IBM AppScan, WebInspect, Acunetix, Burp
Old, Backup and W3AF, ZAP, Syhunt
Suite Professional, NTOSpider, Syhunt
Unreferenced Mini, Wapiti, WATOBO,
Dynamic, QualysGuard WAS, Netsparker,
files Andiparos, Paros Proxy
ScantoSecure, N-Stalker

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 Authentication Security Testing
Authentication is the process of attempting to verify the digital identity of the sender
of a communication. The sender could be a user, process or device. A common
example of such a process is the logon process but authentication happens every time
when we use our computers. Much of the authentication that happens is transparent
to the user and handled via computer. Testing the authentication schema means
understanding how the authentication process works and use that information to
circumvent the authentication mechanism. As a Penetration Tester, it is valuable to
be able to gain the trust of a system and bypass security as an authorized entity.
The most common method by which people confirm their identity is something they
know such as a password.

Testing for Authentication usually includes

ƒƒ Understanding if data travels
THE ENTERPRISE SECURITY
unencrypted from the web browser
INFRASTRUCTURE MARKET
to the server
IS PROJECTED TO GROW AT AN
ƒƒ Collecting a set of valid user names APPROXIMATE COMPOUNG ANNUAL
and then trying brute force testing GROWTH RATE (CAGR) OF

10.9%
ƒƒ Trying the default username
and password of the deployed
application/server
ƒƒ Retrieving a valid user account and INTO 2014 AS COMPANIES CONTINUE
password TO EXPAND THE
TECHNOLOGIES THEY USE TO
ƒƒ Bypassing the authentication IMPROVE THEIR OVERALL
schema by tampering with requests SECURITY.
and tricking the application
ƒƒ Testing the “Remember Password”
and “Password Reset” functions
ƒƒ Testing the logout and caching
functions
ƒƒ CAPTCHA validation
ƒƒ Evaluating the strength of a “Multiple Factors Authentication System” like OTP
(One Time Password)
ƒƒ Testing for race condition, a situation difficult to test for
Sample Scanning Tools
A list of scanning tools that can identify vulnerabilities related to authentication are
as follows:
Vulnerability Open Source /
Commercial Tools
Type Free Tools
Bypassing
Nessus, WebScarab, IBM AppScan, WebInspect, Cenzic Hailstorm,
Authentication
WebGoat NTOSpider, Grendel Scan
Schema

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 Session Management Security Testing
Authentication and Session Management takes care of all aspects of handling user
authentication and managing active sessions. HTTP is a stateless protocol and hence
even simple logic requires a user’s multiple requests to be associated with each
other across a ‘session’. With regards to web applications, a session is the length of
time users spend on a website. It is always advisable to manage authorized sessions
duration prudently. The goal of a penetration tester is to identify accounts that are
permitted access to sessions with high-level privileges and unlimited time to access
the web application.

Testing for Session Management usually includes

ƒƒ Understanding the existing Session Management schema
ƒƒ Understanding if cookies are protected

AS MUCH AS 60% OF IMPORTANT CORPORATE

DATA RESIDES ON DESKTOP & LAPTOP COMPUTERS
THAT ARE NOT PROPERLY PROTECTED.
ƒƒ Accessing another user’s account through the active session (Session Fixation)
ƒƒ Retrieving Session Tokens whilst in transit between the Client browser and the
application server
ƒƒ Forcing an unknowing user to execute unwanted actions (Cross Site Request
Forgery)
Sample Scanning Tools
A list of scanning tools that can identify vulnerabilities related to sessions are as
follows:

Vulnerability Open Source / Free

Commercial Tools
Type Tools
Session Identifier
W3AF, Nessus, Sandcat, Cenzic Hailstorm, NTO Spider, Sandcat,
Complexity
Jsky, Webscarab Burpsuite, Grendel Scan
Analysis

Authorization Security Testing

Authorization is the concept of allowing access to resources only to those permitted
to use them. While Authentication is about establishing and verifying user identity,
Authorization is about permissions. Is a user allowed to perform the operation it
is invoking? Testing for Authorization means understanding how the authorization
process works and using that information to circumvent the authorization.

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 Testing for Authorization usually includes
ƒƒ Executing a path traversal attack and access reserved information
ƒƒ Bypassing the authorization schema
ƒƒ Escalation of privileges within the application by users
Sample Scanning Tools
A list of scanning tools that can identify vulnerabilities related to authorization are
as follows:

Vulnerability Open Source /

Commercial Tools
Type Free Tools
W3AF, IronWASP, IBM AppScan, WebInspect, Acunetix, Burp
ZAP, arachni, SkipFish, Suite Professional, NTO Spider, Syhunt
Path Traversal
Wapiti, Vega, WATOBO, Dynamic, WAS, Netsparker, ScantoSecure,
safe3wvs, WebSecurify Jsky, N-Stalker, Ammonite, ParosPro

Privilege IBM AppScan, WebInspect, Cenzic

Webscarab
Escalation Hailstorm, NTOSpider

Business Logic Security Testing

Business logic can have security flaws that allow users to do something that isn’t
allowed by the business. For example, can users make a purchase for a negative
amount of money? Attacks on the business logic of an application are dangerous,
difficult to detect and are usually specific to the application. This type of vulnerability
cannot be detected by a vulnerability scanner and relies upon the skills and creativity
of the penetration tester. There are no scanning tools that can identify vulnerabilities
related to business logic as it is more context driven.

Data Validation Security Testing

One security weakness that leads to almost all of the vulnerabilities in web application
such as XSS, SQL Injection etc. is erroneous data from external entity. The data from
external entity can be tampered with by an attacker or unknowingly given by user
and hence it is important to filter and sanitize all input data by the application before
it is trusted and processed. Data Validation Testing is the task of testing all possible
forms of input, to understand if the application scrutinizes all data correctly or not.

Data Validation testing usually includes

ƒƒ Making the victim load the offending URI (Reflected Cross-site Scripting)
ƒƒ Storing malicious code into the web page (Stored Cross-site Scripting)
ƒƒ Controlling a DOM element (DOM Cross-site Scripting)
ƒƒ Vulnerabilities like DOM based Cross-site Scripting in flawed Flash application
ƒƒ Injecting SQL query via the input data (SQL Injection)

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 ƒƒ Manipulating input parameters and pass it to internal search, add and modify
functions (LDAP Injection)
ƒƒ Injecting a particular XML document into the application (XML Injection)
ƒƒ Injecting code into HTML pages (SSI Injection)
ƒƒ Injecting data into the application so that it executes user-controlled
ƒƒ XPath queries (XPath Injection)
ƒƒ Injecting arbitrary IMAP/SMTP commands into the mail servers (IMAP / SMTP
Injection)
ƒƒ Injecting data into the application that will be later executed by the web server
(Code Injection)
ƒƒ Injecting an OS command through an HTTP request (OS Commanding)
ƒƒ Understanding different types of buffer overflow vulnerabilities (HTTP splitting
and HTTP smuggling)
Sample Scanning Tools
A list of scanning tools that can identify vulnerabilities related to data input from
external entities are as follows:

Vulnerability Open Source / Free

Commercial Tools
Type Tools
IBM AppScan, WebInspect,
Buffer Overow W3AF, Nessus, Sandcat
Accunetix, Sandcat

IBM AppScan, WebInspect, Cenzic

Format String W3AF, Nessus
Hailstorm, SkipFish, Vega

IBM AppScan, Cenzic Hailstorm,

Sandcat, arachini, Uber Web
Code Injection Acunetix, SandcatCS, SkipFish,
Security Scanner
Netsparker

DOM Based Cross IBM AppScan, Cenzic Hailstorm,

W3AF, Watobo, arachini
Site Scripting Acunetix, NTO Spider

IBM AppScan, WebInspect, Cenzic

WebGoat, W3AF, Nessus,
Hailstorm Professional, Acunetix,
HTTP Splitting / SandcatCS, arachini, Wapiti, ZAP,
NTOSpider, Sandcat Pro, Jsky,
Smuggling PowerFuzzer, Andiparos, Paros
Netsparker, Burpsuite, Vega,
Proxy, Web Securify, WebScarab
Grendel Scan, ParosPro

IMAP/SMTP
W3AF, Sandcat CS IBM AppScan, Acunetix, Sandcat
Injection

W3AF, SandcatCS,arachini, IBM AppScan, WebInspect, Cenzic

LDAP Injection Wapiti, Power Fuzzer,Uber Web Hailstorm Professional, Acunetix,
Security Scanner Sandcat Pro, Jsky, Burp Suite

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 IBM AppScan, WebInspect, Cenzic
W3AF, Nessus, Sandcat, arachni, Hailstorm, Acunetix, NTO Spider,
OS Commanding
Wapiti, PowerFuzzer, Oedipus Sandcat, SkipFish, Jsky, Netsparker,
Burpsuite, Vega
W3AF, IronWASP, ZAP, arachni,
Syhunt Mini (Sandcat Mini),
SkipFish, Wapiti, Sandcat,
Vega, Grendel Scan, WATOBO, IBM AppScan, WebInspect,
Andiparos, PowerFuzzer, Acunetix, Burp Suite Professional,
Reflected Cross Paros Proxy, Oedipus, Uber NTO Spider, Syhunt Dynamic,
Site Scripting Web Security Scanner, Jsky, QualysGuard WAS, Netsparker,
safe3wvs, WebSecurify, Grabber, ScantoSecure, Jsky, N-Stalker,
Netsparker, WebCruiser, Ammonite, ParosPro, WebCruiser
Proxy Strike, Acunetix WVS,
WebScarab, N-Stalker, XSSer,
Gamja, Secubat,
W3AF, IronWASP, ZAP, arachni,
Syhunt Mini (Sandcat Mini),
SkipFish, Wapiti, Sandcat,
Vega, Grendel Scan, WATOBO,
Andiparos, PowerFuzzer,
Paros Proxy, Oedipus, Uber IBM AppScan, WebInspect,
Web Security Scanner, Jsky, Acunetix, Burp Suite Professional,
safe3wvs, WebSecurify, Grabber, NTO Spider, Syhunt Dynamic,
SQL Injection
Netsparker, WebCruiser, Proxy QualysGuard WAS, Netsparker,
Strike, SQLiX, sqlmap, Gamja, ScantoSecure, Jsky, N-Stalker,
Mini Mysqlator, Secubat, Ammonite, ParosPro, WebCruiser
WSTool, DSSS, aidSQL,Scrawlr,
LoverBoy, SQLID, VulnDetector,
openAcunetix, Priamos, Gamja,
Secubat, XCobra, safe3wvs,
iScan

W3AF, Nessus, ZAP, Andiparos, IBM AppScan, WebInspect, Cenzic

SSI Injection
Paros Proxy, Proxy Strike Hailstorm, ParosPro

IBM AppScan, WebInspect, Cenzic

Stored Cross Site W3AF, Nessus, Wapiti,
Hailstorm, Acunetix, NTO Spider,
Scripting PowerFuzzer, XSSploit
SkipFish, Netsparker, BurpSuite

Nessus, Uber Web Security IBM AppScan, SkipFish, BurpSuite,

XML Injection
Scanner Vega

W3AF, SandcatCS, Sandcat, IBM AppScan, WebInspect,

Xpath Injection arachni, Wapiti, Powerfuzzer, Acunetix, SkipFish, Sandcat, Jsky,
WebCruiser WebCruiser

IBM AppScan, WebInspect,

W3AF, IronWASP, ZAP, arachni,
Cross Site
Syhunt Mini (Sandcat Mini),
Scripting
SkipFish, Wapiti, Vega
Acunetix, Burp Suite Professional,
NTO Spider, Syhunt Dynamic,
Netsparker, ScantoSecure, Jsky,
N-Stalker, Ammonite

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 IBM AppScan, WebInspect,
Unvalidated
W3AF, IronWASP, ZAP, arachni, Acunetix, Burp Suite Professional,
Redirects and
SkipFish NTO Spider, QualysGuard WAS,
Forwards
Netsparker, ScantoSecure, NStalker

Denial of Service Security Testing

One of the most common and simplest forms of attack on a system is Denial of Service
(DoS) attack. This attack does not attempt to intrude to the system or to obtain
sensitive information. It simply aims to prevent legitimate users from accessing the
system. DoS attacks can be on individual machines, on the network that connects the
machines or all the machines simultaneously. It is based on the fact that any device
has operational limits. Any computer system, web server or network can handle a
finite load and simply overloading the system with requests will block serving the
requests of legitimate users. In this section, focus will be attacks against availability
that can be launched by just one malicious user on a single machine.

Denial of Service (DoS) testing usually includes

ƒƒ Forcing the underlying database to carry out CPU intensive queries by using
several wildcards
ƒƒ Locking valid user accounts by repeatedly attempting to log in with a wrong
password
ƒƒ Causing DoS attack by overflowing one or more data structure of the target
application
ƒƒ Exhausting server resources by making it allocate a very high number of objects
ƒƒ Forcing the application to loop through a code segment that needs high computing
resources
ƒƒ Filling the target disks by log data
ƒƒ Understanding if the application properly releases resources (memory or files)
after their usage
ƒƒ Allocating a big amount of data into a user session object
Sample Scanning Tools
A list of scanning tools that can identify vulnerabilities related to DoS attacks are as
follows:

Vulnerability Open Source / Free

Commercial Tools
Type Tools
Regular
W3AF, Nessus, Wapiti,
Expression Denial WebInspect
safe3wvs, WebSecurify
of Service

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 ACCORDING TO GARTNER ONE LAPTOP IS STOLEN
EVERY 53 SECONDS

Web Service Security Testing

Web services are exposed to net like any other service but can be used on HTTP,
FTP, SMTP and MQ among other transport protocols. The Web Services Framework
utilizes the HTTP protocol in conjunction with XML, SOAP, REST, WSDL and UDDI
technologies. The vulnerabilities in web services are similar to other vulnerabilities,
such as SQL injection, information disclosure and leakage but Web Services also
have unique XML / parser related vulnerabilities.

Web service security testing usually includes

ƒƒ Understanding the Web service entry point and the communication schema
ƒƒ Invoking an operation that is not used in a standard SOAP Request
ƒƒ Sending very large or malformed XML messages
ƒƒ Attacking the Web service by passing malicious content on the HTTP GET string
ƒƒ Attacking binary files (executables, malware etc.) to Web service if it accepts
attachments
ƒƒ Conducting man-in-the-middle of the attack
Sample Scanning Tools
A list of scanning tools that can identify vulnerabilities related to web service security
are as follows:

Vulnerability Open Source / Free

Commercial Tools
Type Tools
XML Content Level WebScarab, Metasploit -

XML Structural Webscarab -

AJAX Security Testing

AJAX uses XMLHttpRequest object and JavaScript to make asynchronous requests
to the web server, parsing the responses and then updating the page DOM and CSS.
AJAX application is more complicated because processing is done on both the client
side and the server side. This complexity is avoided by having framework but that
also results in situations where developers do not fully understand where the code
will execute, and can lead to a situation where it is difficult to properly assess the risk
associated with particular applications or features.

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 AJAX applications have similar vulnerabilities like SQL injection, data validation etc.
that a traditional web application can have. In addition, AJAX application can be
vulnerable to new classes of attack such as Cross Site Request Forgery (XSRF). Testing
AJAX applications can be challenging due to different encoding or serialization
scheme used by developers while submitting POST data and make it difficult for
testing tools to reliably create automated test requests. The use of web proxy tool is
extremely helpful for analyzing the traffic.
Sample Scanning Tools
A list of scanning tools that can identify vulnerabilities related to AJAX are as follows:

Vulnerability Open Source /

Commercial Tools
Type Free Tools
OWASP Sprajax, Acunetix, Hailstorm, WebInspect, Watchre,
AJAX
safe2wvs, Sandcat, N-Stalker, Grabber, IBM AppScan, Jsky,
Vulnerabilities
W3AF Netsparker, NTOSpider, ParosPro, Sandcat

75% OF IT RISKS IMPACT CUSTOMERS

SATISFACTION AND BRAND REPUTATION

Disclaimer
This white paper is issued for information only. Cigniti declines all responsibility for
any errors and any loss or damage resulting from use of the contents of this White
Paper. Cigniti also declines responsibility for any infringement of any third party’s
Intellectual Property Rights but will be pleased to acknowledge any IPR and correct
any infringement of which it is advised.

About the White Paper

At Cigniti, innovation is a continuous endeavor to ensure the best services in
every engagement. As part of the Security Testing R&D, Cigniti consolidates and
communicates information that enriches Software Testing as a discipline.
The content is an incorporation of inputs and observations from Security Testing
experts and business leaders with cross vertical experience in addressing some of the
most complex and most gigantic software testing challenges. While the white paper
details the standard procedures of Security testing, the procedures mentioned in the
white paper have been simplified to cater to a wider audience for general reference.
For more details write to marketing@cigniti.com

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd
 US India Hyderabad
Cigniti Technologies Inc. Cigniti Technologies Ltd.
433 E Las Colinas Blvd, 6th Floor, ORION Block, “The V”
Suite 1300, (Ascendas)
Irving, TX 75039 Plot #17 Software Units Layout
Madhapur, Hyderabad-500081
Australia Sydney
Cigniti Technologies Australia Pty Ltd UK
Level 13, 135 King Street Cigniti Technologies (UK) Limited
Sydney, NSW 2000 1 Fore Street
London EC2Y 9DT
Canada
Cigniti Technologies Canada Inc New Zealand
2425 Matheson Blvd E., Cigniti Technologies (NZ) Ltd
Suite 731, 24b, Moorefield Road
Mississauga, Ontario, Johnsonville, Wellington 6037
L4W 5K4

South Africa
Cigniti Technologies Ltd.
Ballyclare Place, 14 Ballyclare Drive,
Bryanston 2021

About Cigniti
Cigniti Technologies Limited (BSE: 534758, www.cigniti.com), Global Leaders in Independent Software Testing
(IST) Services, is headquartered at Hyderabad, India. Cigniti’s 2000+ career testers are spread across US, UK, India,
Australia, and Canada. Cigniti is the world’s first IST Services Company to be appraised at CMMI-SVC v1.3, Maturity
Level 5, and is also ISO 9001:2008 & ISO 27001:2013 certified. Cigniti’s test offerings include Quality Engineering,
Advisory & Transformation, Next Generation Testing, and Core Testing. Over the last decade, Cigniti has helped
Enterprises and ISVs build quality software while improving time-to-market and reducing cost of quality. Cigniti
has translated its R&D into BlueSwan, a proprietary test platform comprising of 5 elements - Verita, Velocita, Cesta,
Praxia, and Prudentia – which complement the existing QA and QE tools of enterprises. BlueSwan will help clients
Align their Business Goals, Assure market leadership, and Accelerate their digital transformation journey. Cigniti has
India’s first of its kind Robotics Test Lab, a Mobile Cloud Test Lab with HP & Experitest, a Cloud-enabled Performance
Test Lab, and an IoT & Smart Meter Lab. Gartner has postioned Cigniti as a “Niche Player” in 2016 and has been in
the Magic Quadrant for 2 years in a row. Forrester cites Cigniti among the 9 services firms and systems integrators
working to enable Quality at Speed. NelsonHall recognizes us as a ‘Leader’ in Overall, Pure-Play, Consulting & Digital
market segments in NEAT 2016 and 2nd largest by headcount. Everest Group recognizes Cigniti as a Major Contender
with a “Best in Class” rating for Buyer satisfaction in the PEAK Matrix™ for Independent Testing Services, while Forbes
recognizes Cigniti as Asia’s 200 best under-billion companies. Cigniti has been awarded a place on the Crown
Commercial Service latest G-Cloud 6 framework for providing Lot 4: Specialist Cloud Services that will provide public
sector enterprises better access to Cigniti’s expertise. Cigniti is also a recipient of the prestigious Frost and Sullivan
Customer Value Leadership Award for Global Automated Software Testing Services category consecutively in 2014
and 2015. Cigniti’s CSR initiative, Project Cignificance, aims to impact 1 million+ lives through education as an enabler.

For Other Information

marketing@cigniti.com

Global Leaders in Independent Software Testing Services

facebook.com/cignititechnologies youtube.com/cignititechnologies twitter.com/cigniti

linkedin.com/company/cigniti-inc slideshare.net/cigniti cigniti.com/blog

www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2016 - 17, Cigniti Technologies Ltd