Vulnerability Assessment Services
Because attackers keep discovering new, sophisticated ways to find and exploit vulnerabilities in corporate networks, applications, etc., vendors of information security services have to think several moves ahead and devise new ways to protect customers’ IT environments.
The security testing team detects and prioritizes security weaknesses in your IT infrastructure components and provides recommendations on how to mitigate them. The team evaluates the protection level of your IT environment both with automated scanning tools and manually.
1Cyber’s vulnerability assessment services combine reasonable costs with high quality. The qualifications of our information security team allow us to detect vulnerabilities and find weak points in the following components of the IT environment:
Vulnerability assessment of IT infrastructure
IT infrastructure:
- Network. We assess the efficiency of your network segmentation, network access restriction, the ability to connect to the network remotely, and firewall implementation.
- Email services. We evaluate the susceptibility to phishing attacks and spamming.
Vulnerability assessment of applications
Applications:
- Web applications. We assess the susceptibility of a web app to various attacks, following the Open Web Application Security Project (OWASP) Top 10 Application Security Risks.
- Mobile applications. We evaluate the security level of a mobile app, following the OWASP Top 10 Mobile Risks.
- Desktop applications. We assess how data is stored in an app, how the app transfers information, and whether any authentication is provided.
Assessment Methods We Apply
Our security testing team combines automated and manual approaches to take full advantage of the vulnerability assessment process.
- Automated scanning: To start the vulnerability assessment process, 1Cyber’s security engineers use automated scanning tools, chosen according to each customer’s needs, requirements and financial capabilities. These scanners have databases of known technical vulnerabilities and allow detecting your company’s susceptibility to them. The main advantage of the automated approach is that it is not time-consuming and ensures wide coverage of security weaknesses that may exist across a range of devices or hosts on the network.
- Manual assessment: 1Cyber’s security testing team manually tunes the scanning tools and then manually validates the scanning findings to eliminate false positives. Upon completion of this manual assessment by our specialists, you get reliable results containing only confirmed events.
Vulnerabilities Classification
When conducting a vulnerability assessment, we divide the detected security weaknesses into groups according to their type, severity level, etc., following the classifications below.
- Web Application Security Consortium (WASC) Threat Classification.
- Open Web Application Security Project (OWASP) Testing Guide.
- OWASP Top 10 Application Security Risks.
- OWASP Top 10 Mobile Risks.
- Common Vulnerability Scoring System (CVSS).
Classifying vulnerabilities allows 1Cyber’s security engineers to prioritize the findings according to the impact they may have if exploited and to direct your attention to the most critical weaknesses, which need to be eliminated on a first-priority basis to avoid financial and security risks.