Vulnerability Assessment is often a starting point in cyber security tests. Your websites, operating systems and networks will be scanned for known and common vulnerabilities.
We will first identify the most severe issues and recommend mitigation solutions. Later, during the Penetration Testing and Security Code Review phases, we will target more complex security exploitation.
1. What are your severe vulnerabilities?
- Step 1: Preliminary proposal
Our consultants will work with you to understand your business objectives and cyber security requirements. Then we will tailor our service to these to deliver maximum benefit.
- Step 2: Vulnerability assessment
Our consultants will perform a deep analysis of your information systems to determine the extent of your vulnerabilities. These will be categorised against the criteria of Criticality, Exploitability, Impact and Probability.
- Step 3: Vulnerability assessment report
Our consultants will provide you with a detailed report that clearly states the vulnerabilities identified during the assessment, their potential impacts on your business and recommended solutions.
2. Our Services
2.1 Web Vulnerability Assessment (VA)
Your web applications are the first and easiest target for hackers. We need to scan your web applications to gain an overall insight into your web vulnerabilities.
We can detect the Open Web Application Security Project (OWASP) Top 10 Vulnerabilities:
- Broken Authentication and Session Management
- Cross-Site Scripting
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
2.2 OS and Network Vulnerability Assessment (VA)
Networks and operating systems (Windows and Linux servers) are the base infrastructure for all business applications. We need to scan for poorly designed networks or unpatched servers.
The following techniques can be performed during the assessment:
- Unknown and known asset identification
- Credentialed or network-based vulnerability discovery
- Sensitive content auditing
- Selective re-scan by host, net, sub-net, etc.
- Authentication weaknesses
- Process/Anti-virus auditing
- Compliance Auditing