EXTERNAL VULNERABILITY ASSESSMENTS COMPANY NEW YORK
Based on our experience from past customers it is recommended to perform a full security analysis that will include Internal and external perimeters. The full analysis will provide a complete and current security posture of the organization.
INTERNAL VS. EXTERNAL
An External audit will simulate an attacker coming from the Internet (see diagram). This penetration testing will include three main ways into a given system: (1) open services on servers. (2) Network devices such as routers, and Firewalls. (3) Find weaknesses within Web Applications retrieving sensitive information by using SQL injections and other methods. Within each method, we search for human errors in the design and/or implementation, and/or user miss-configurations that can pose potential weaknesses. These weaknesses can be later exploited to deface a website, upload files, obtain access to a user’s mailbox, and obtain administrative rights.
An Internal audit will simulate an attacker that has a foothold in the internal perimeter (see diagram). This penetration testing will include three main ways into a given system: (1) open services on servers and workstations. (2) Find and locate systems defaults, security updates and etc. (3) Find databases that may have sensitive information due to vulnerabilities, updates, misconfiguration, and more.
DELIVERIES
- Executive summary
- Technical summary accompanied by a detailed report with all potential holes and how to mitigate them
- Redesign a secure infrastructure that is efficient and cost-effective in order to reduce the cost of ownership
