- About
Company Profile - White Paper
IT Security Articles - why focus on
Security?
Security is Important - Services
How Can We Help
You? - Contact
Contact details
Vulnerability Assessment – Gold Package
Server Vulnerability testing using automated tools and Manual Hacking techniques
black box testing using hacking tools + manual hacking techniques
This is an upgraded version of the web application vulnerability assessment service. By adding some hacking experience to the hacking tools I am using, I can increase the amount of potential vulnerabilities i can find, making this a definite upgrade on the basic service.
The vulnerability scan will provide you the exact picture of how an intermediate hacker sees your website/application and web server.
Read More1Which tools and attacks are going to be launched?
This question is difficult to answer for many reasons. My arsenal consists of more then 100 different hacking tools. Each one of them can be used against different targets and in some case, a combination of a few tools is necessary, some of which are commercial and some my own private hacking tools.
2How it works?
The test can take place on any day and at any hour you like. Usually, the best time to take the test is when the application is not busy and no maintenance work is scheduled.
As a certified (ethical) hacker, I will use the most up to date knowledge and actual tools that hackers use, so you will get the best picture possible of your level of security.
Once the test is done, i will analyze the results and produce a detailed report of all the vulnerabilities found and how to mitigate them (vulnerabilities found and solution per vulnerability).
3How will the vulnerability test affect my application and service?
As a basic understanding, you must realize that your application and server are going to be attacked by hacking tools, exactly the same as a real hacker would use. The only difference is that during the vulnerability and penetration test, i will not attempt to do any damage. Usually those tools will not cause any problem if they are being used by a professional, but there is also the unknown factor that relates to the web server and application condition in the time of the test. The law and my own integrity requires me to inform you that anything can happen and you must be prepared for it. From the other side, if your application and web server are in bad condition, it is better that you know about it when you are ready for it and not when a hacker runs the same tools and surprises you by stealing your data or taking your operation down.
4Any preparations prior the test?
Usually i recommend having an up to date backup of the application files, database and web server, which should be available by default, every day. Besides that, if you have a system administrator in charge, he should be notified about this test and be available during the test (in some cases you will like to test your system administrator during hackers attack so don't notify him :-) ).
The idea is not to change the existing working environment or the applications, it is to have the proper resources available in case that unwanted error occurs during the test.
5How accurate is the test?
Vulnerability assessment is less accurate then a penetration test, but it is also less intrusive and much cheaper than a penetration test.
The only way to determine if a vulnerability found during the test is real, is by testing it manually and trying to exploit it, which is essentially what a penetration test is.
6How often do i need to run the test?
It is recommended to run a new test every 3-4 months, and every time the web server and/or application has undergone a significant change. The intervals are related to the fact that new vulnerabilities are being found every day, and running the test helps in figuring out if your web server or application is exposed to them.