Critical Asset Security Assessment

Highlights

• Scanning to create a baseline of vulnerabilities and security risks
• Best-of-breed open source and commercial vulnerability harvesting tools
• A cross section is used to limit exposure to the limitations of any single tool, and reap the benefits the strengths each tool provides
• Manual validation to eliminate false positives, confirm findings
• Manual testing to find additional vulnerabilities not found by scanning tools
• Penetration testing through custom-designed and pre-existing exploits to test real severity
• Illumant’s pen testing and manual testing techniques are continually updated through research and participation in hacker forums and conferences (e.g. BlackHat, DEFCON, SANS)
• Classification of severity of findings
• Remediation recommendations
• Benchmark analysis of results vs industry

Targets

Networks, systems, applications, services, ports, protocols from within firewalls boundaries – unfiltered analysis:

• Web applications (non-credentialed testing)
• For credentialed testing see Web Application Security Assessment (WASA)
• Web/intranet sites
• Servers
• Firewalls
• Internal routers
• 100,000+ known vulnerabilities, unique vulnerabilities from custom designs, configurations and software