ARE YOU AWARE OF THE SECURITY RISKS THAT YOUR BUSINESS IS EXPOSED TO?
The latest cyber threats exploit common business applications such as email, browsers, social media and file-sharing applications, so the first step in protection is to identify the weak spots or vulnerabilities.
We recommend a Security Assessment as the first step of our 'Protect and Perform' approach to securing your infrastructure. The assessment includes a System and Web Application Penetration Test.
The objective of the Security Assessment is to establish the existing level of risk within a business, to identify vulnerabilities and to evaluate the current capability to protect networks, applications, servers, endpoints and users from external or internal attacks.
Prior to starting an engagement we first seek agreement for the connectivity methodology to be used to manage the remote activities performed during the project. Our recommendation is a secure VPN connection but we are always sensitive to your preferred connection policy. We also arrange workshops with all relevant parties interested in the security assessment to ensure we understand the lines of communication, decision authorities and change control processes. This ensures the activity we provide is authorized and as per the agreed internal processes.
The Security Assessment will provide you with the capability to protect your networks, applications, servers, endpoints and users from external or internal attempts to circumvent security controls to gain unauthorized or privileged access to protected assets. Additionally, the assessment provides you with the following capabilities:
- To identify the vulnerability level of the IT environment
- To give security personnel real experience in dealing with an intrusion
- To uncover aspects of security policy that are lacking
- To provide feedback on the most at-risk routes into your company or applications
- To help developers and IT specialists make fewer mistakes
THE CORE NODE 'PROTECT AND PERFORM' SECURITY ASSESSMENT CONSISTS OF THE FOLLOWING STEPS:
Enumeration (VA): During this phase the following tasks will be carried out:
- Host Enumeration
- Service Enumeration (port scanning) & Identification
- Web Application Discovery
- Specific service enumeration
Vulnerability Detection (VA): During this phase all the vulnerabilities and all false positives will be identified. Based on this analysis we will identify all the vulnerabilities that could be exploited to compromise systems and applications. This phase will be completed with the support of automatic tools (vulnerability scanner) and a manual test.
Exploitation (PT): Based on information collected during the Vulnerability Detection phase, usable exploits will be identified and their impact on the systems evaluated in terms of privileges and information compromised. Each exploit will be evaluated before execution in order to reduce system issues and problems. Where needed, the exploit will be verified in a test environment.
Post-Exploitation Activities (Ethical Hacking) (PT): After a system is compromised, all information useful for exploiting other systems in scope will be collected. This phase considers the execution of previous phases.