Phases of Penetration Testing
1. Scoping
2. Discovery, Reconnaissance, and Information Gathering
3. Network Enumeration and Scanning
4. Vulnerability Mapping
5. Exploitation
6. Clean up
7. Reporting
Our detailed Vulnerability Reports utilise the Common Vulnerability Scoring System (CVSS). This provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organisations accurately assess and prioritise their vulnerability management processes. CVSS is a published standard used by organisations worldwide.
The Common Vulnerability Scoring System (CVSS) is an industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritise responses and resources according to threat. Scores are calculated based on a formula that depends on several metrics that approximate ease of exploit and the impact of exploit. Scores range from 0 to 10, with 10 being the most severe. While many utilise only the CVSS Base score for determining severity, temporal and environmental scores also exist, to factor in availability of mitigations and how widespread vulnerable systems are within an organization, respectively. The Common Vulnerability Scoring System (CVSS) is the most widely used industry standard for assessing and scoring vulnerabilities and aligns to all major compliance frameworks.
CVSS was designed to be used by any organisation. This flexibility is a noteworthy strength of the model, but it does require that different sectors and organisations approach the use of CVSS with consideration of their specific requirements. The Security Content Automation Protocol (SCAP), from the National Institute of Standards and Technology (NIST), is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance, PCI DSS). CVSS is one of the six vulnerability management standards that comprise SCAP.
The Assessment is done with Vulnerability Scanning and is the foundational process for finding and fixing the vulnerabilities in your computer systems.
1. The scanner uses its library of vulnerabilities to test and analyse computer systems, services, and applications for known security holes.
- A full comprehensive report with clear remediation instructions
- A post-scan report organizes and prioritises the actual vulnerabilities and gives you information for applying patches and updates.