Vulnerability Assessment – Silver Package

Server Vulnerability testing using an automated tool

Black box testing using hacking tools

The web application vulnerability assessment service is the most basic service available, but also one of the best. The vulnerability scan will provide you with the exact picture a hacker sees of your website/application and web server.


1. Which tools are going to be used?

This question is difficult to answer for many reasons. My arsenal consists of more than 100 different hacking tools. Each one of them can be used against different targets, and in some cases a combination of a few tools is necessary, some of which are commercial and some my own private hacking tools.

2. How does it work?

The test can take place on any day and at any hour you like. Usually, the best time to take the test is when the application is not busy and no maintenance work is scheduled.

As a certified hacker, I will use the most up-to-date knowledge and actual tools that hackers use, so you will get the best picture possible of your level of security.

Once the test is done, I will analyze the results and produce a detailed report of all the vulnerabilities found and how to mitigate them (vulnerabilities found and solution per vulnerability).

3. How will the vulnerability test affect my application and service?

As a basic understanding, you must realize that your application and server are going to be attacked by hacking tools, exactly the same as a real hacker would use. The only difference is that during the vulnerability and penetration test, I will not attempt to do any damage. Usually, those tools will not cause any problem if they are being used by a professional, but there is also the unknown factor that relates to the web server and application condition at the time of the test. The worst damage that I have seen so far is from a web server that needed to reboot or services that were turned off, but the law and my own integrity require me to inform you that anything can happen and you must be prepared for it.
On the other hand, if your application and web server are in bad condition, it is better that you know about it when you are ready for it and not when a hacker runs the same tools and surprises you.

4. Any preparations prior to the test?

Usually I recommend having an up-to-date backup of the application files, database and web server, which should be available by default, every day. Besides that, if you have a system administrator in charge, he should be notified about this test and be available during the test.

The idea is not to change the existing working environment or the applications; it is to have the proper resources available in case an unwanted error occurs during the test.

5. How accurate is the test?

A vulnerability assessment is less accurate than a penetration test, but it is also less intrusive and much cheaper than a penetration test.

The only way to determine if a vulnerability found during the test is real is by testing it manually and trying to exploit it, which is essentially what a penetration test is.

6. How often do I need to run the test?

It is recommended to run a new test every 3-4 months, and every time the web server and/or application has undergone a significant change. The intervals are related to the fact that new vulnerabilities are being found every day, and running the test helps in figuring out if your web server or application is exposed to them.