Deep security expertise: we understand attackers and how to defend against them
Risk-based objective evaluation of your controls, procedures and goals
Develop actionable insight and plans to guide your business
Vulnerability Discovery
Our Vulnerability Discovery services provide an impartial view of your security posture. Vulnerabilities within networks, web applications and databases emerge every day, caused by software defects and misconfigurations. Let us help you address them.
Business Value
- Identify weaknesses in your technologies, processes and people
- Remediate vulnerabilities and minimise the attack surface
- Reduce risk and meet compliance requirements
Our Approach
We have an expert team that can evaluate people, processes and technical gaps at the network, host, application and data layers. All testing activities are contextualised to the client’s business and risk tolerance objectives and qualified by how appropriately the environment maintains confidentiality, integrity, and availability requirements.
Test objectives:
- Device configuration and/or control effectiveness
- Exposure to common security vulnerabilities and/or attack methods
- Attempts to confirm detected vulnerabilities, ranging from passive to active attack vectors, to limit the possibility of any adverse effects
- Attempts to gain elevated access and/or extract sensitive information
Finding vulnerabilities relies not just on the tools but also the skills of the analysts. Using tools, we find weaknesses, evaluate their severity and make recommendations for mitigation.
Prior to any testing, we get agreement on the test objectives, coordination, logistics, safeguards and progress calls. Once complete, we provide a report detailing our findings and recommendations to remediate the vulnerabilities.
Deliverables
Our Vulnerability Discovery Services
This assessment will reveal how appropriately the environment maintains confidentiality, integrity and availability requirements through:
- Detection of common web infrastructure and application vulnerabilities
- Analysis of transport layer, session management and business logic attack vectors
- Attempts to confirm detected vulnerabilities using restricted, non-invasive methods to limit the possibility of adverse effects
This assessment will reveal how appropriately the environment maintains confidentiality, integrity and availability requirements through:
- Infrastructure and services supporting the application
- Client/Server communication
- Client-side application and functionality
- Device/Payment endpoint communication
This assessment will reveal how appropriately the environment maintains confidentiality, integrity and availability requirements through:
- Device configuration and/or control effectiveness
- Exposure to common security vulnerabilities and/or attack methods
- Attempts to confirm detected vulnerabilities using restricted to non-invasive methods to limit the possibility of any adverse effects
This assessment will reveal how appropriately the wireless services environment maintains confidentiality, integrity and availability requirements through:
- Attempts to bypass a target's security controls, access points, controllers, backend servers, clients, IDS/IPS
- Attempts to gain elevated access and/or trigger other vulnerable conditions in identified services and network resources
A bespoke assessment that focuses on the active exploitation of employees, service providers and/or social media presences in order to violate corporate policies, disclose sensitive information or grant access/provide information to an attacker using common communication attempts. Engagements are bespoke and undertaken with explicitly defined criteria and sanctioned activities. This assessment will reveal how appropriately an organisation maintains confidentiality, integrity and availability requirements through:
- Targeted email and/or phone calls, malware campaigns, baiting
- Physical location unmonitored access attempts and/or desk inspections
- Determine information system exposure to evolving security attack methods