Enterprise IT Security Assessment Types

Application Security Assessment

Features
- Assessing application security - both web (browser based) and non-web (client/server, compiled binaries, command line, etc.), including front-end and back-end systems.
- Security testing collaboration and governance throughout the application lifecycle.
- Assisting with the development of application security frameworks, application development training, and the implementation of secure Software Development Lifecycles (SDLC).
- Complete overview of an application's security posture by conducting:
  o Dynamic Analysis (DAST) / black-box analysis: acting as a remote attacker against any deployed application, performing security analysis of a compiled application already in production.
  o Static Analysis (SAST) / white-box analysis: analyzing the source code for security issues, including newly developed applications that are not yet deployed (Source Code Review).

Deliverables
- Technical, detailed report - vulnerabilities are presented, along with remediation solutions and patches.
- Executive-type report - outlines the current findings and presents the data at a macro level.

Network Security Assessment

Features
- Tests the security of the IT systems in the network by identifying and defining weaknesses.
- Determines the resilience of the network to malicious attempts against its systems.

Deliverables
- Technical, detailed report - vulnerabilities are presented, along with remediation solutions and patches.
- Executive-type report - outlines the current findings and presents the data at a macro level.
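The Static Analysis (SAST) item above describes reviewing source code for security issues before an application is deployed. The following is an added example, not the page's or any vendor's tooling: a minimal AST-based checker in Python that walks a source file and reports calls that are unsafe when they receive attacker-controlled data (eval/exec on non-literal input, subprocess with shell=True, pickle deserialisation, os.system). The sample source it scans is constructed for the demonstration, and the rule set is an assumption chosen to show the technique; a real SAST pass would use a much larger rule base and track data flow to decide whether an argument is actually attacker-reachable.

```python
"""Minimal SAST-style checker over Python source (added example, not a vendor tool).

Walks the abstract syntax tree of a source string and reports call sites
that are commonly unsafe when they receive attacker-controlled data.
"""
import ast

# Constructed sample input for the demonstration (not code from the page).
SAMPLE_SOURCE = '''
import subprocess, pickle

def run(cmd):
    return subprocess.run(cmd, shell=True)       # shell=True with a caller-supplied string

def calc(expr):
    return eval(expr)                             # eval on a function parameter

def load(blob):
    return pickle.loads(blob)                     # deserialisation of untrusted bytes

def safe():
    return subprocess.run(["ls", "-l"], shell=False)
'''

# Builtins whose argument must never be attacker-controlled.
DANGEROUS_BUILTINS = {"eval", "exec"}
# module.function pairs that are unsafe on untrusted input.
DANGEROUS_ATTRS = {("pickle", "loads"), ("pickle", "load"), ("os", "system")}
# subprocess entry points that accept shell=True.
SUBPROCESS_FUNCS = {"run", "Popen", "call", "check_call", "check_output"}


def _qualified(call: ast.Call):
    """Return (module, name): ('pickle','loads') for pickle.loads(), (None,'eval') for eval()."""
    func = call.func
    if isinstance(func, ast.Name):
        return None, func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return func.value.id, func.attr
    return None, None


def _shell_true(call: ast.Call) -> bool:
    """True when the call passes the literal keyword shell=True."""
    return any(
        kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
        for kw in call.keywords
    )


def find_issues(source: str):
    """Return sorted (line, rule) tuples for suspicious calls in `source`."""
    issues = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        mod, name = _qualified(node)
        if mod is None and name in DANGEROUS_BUILTINS:
            # A literal argument, e.g. eval("1+1"), is not attacker-reachable: skip it.
            if node.args and isinstance(node.args[0], ast.Constant):
                continue
            issues.append((node.lineno, f"{name}() on dynamic input"))
        elif (mod, name) in DANGEROUS_ATTRS:
            issues.append((node.lineno, f"{mod}.{name}() call"))
        elif mod == "subprocess" and name in SUBPROCESS_FUNCS and _shell_true(node):
            issues.append((node.lineno, "subprocess with shell=True"))
    return sorted(issues)


if __name__ == "__main__":
    for line, rule in find_issues(SAMPLE_SOURCE):
        print(f"line {line}: {rule}")
```

Run against the sample, the checker reports lines 5, 8 and 11 and stays silent on the list-form `subprocess.run(..., shell=False)` call. Matching only on `ast.Name` receivers means an aliased import (`import pickle as p`) would be missed; that is the kind of gap a source code review closes by hand, and why the DAST pass against the running application is listed alongside it.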
Penetration Testing

Features
- Investigates an information system from an attacker's perspective to identify weaknesses before real attackers do.
- Full range of assessments that simulate attack scenarios, following the OSSTMM (Open Source Security Testing Methodology Manual):
  o External penetration test - simulates casual or focused intruders on the Internet with limited knowledge.
  o Internal penetration test - simulates disgruntled or careless employees or contractors with legitimate access to the network.
  o Extranet penetration test - simulates business partners who are part of the corporate extranet.
  o Remote access penetration test - simulates casual or focused intruders coming from known and unknown remote access entry points.

Deliverables
- Technical, detailed report - vulnerabilities are presented, along with remediation solutions and patches.
- Executive-type report - outlines the current findings and presents the data at a macro level.

Host Security Assessment

Features
- Provides additional insight into a server's security configuration that cannot be seen from the network.
- Allows for the identification of additional exposures and configuration weaknesses that may make a host more susceptible to compromise, or make a successful compromise more effective.
- The test is performed from the viewpoint of the host's or device's console, logged in with privileged access.
- Ensures the host's operating system and applications have been appropriately hardened to give the best protection.

Deliverables
- Technical, detailed report - vulnerabilities are presented, along with remediation solutions and patches.
- Executive-type report - outlines the current findings and presents the data at a macro level.
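The Host Security Assessment items above describe reviewing a server's configuration from a privileged console, where settings invisible to a network scan can be checked directly. The following is an added example, not the page's or any vendor's tooling: a Python check of an OpenSSH server configuration that parses the global section of sshd_config, fills in OpenSSH's documented defaults for directives that are absent (a missing PasswordAuthentication line means passwords are accepted), and reports every directive whose effective value is weaker than a baseline. The two configurations are constructed for the demonstration, and the baseline itself is an assumption to be tuned to local policy.

```python
"""Offline hardening check for an sshd_config (added example, not a vendor tool).

Parses the global section of an OpenSSH server config, applies OpenSSH's
documented defaults for directives that are absent, and reports every
directive whose effective value is weaker than the expected baseline.
"""

# Effective defaults in current OpenSSH releases when a directive is absent.
OPENSSH_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "6",
}

# Baseline assessed against (an assumption for this example; tune per policy).
BASELINE = {
    "permitrootlogin": lambda v: v in ("no", "prohibit-password"),
    "passwordauthentication": lambda v: v == "no",
    "permitemptypasswords": lambda v: v == "no",
    "x11forwarding": lambda v: v == "no",
    "maxauthtries": lambda v: v.isdigit() and int(v) <= 4,
}

# Constructed samples (not taken from any real host).
WEAK_CONFIG = """
Port 22
PermitRootLogin yes
X11Forwarding yes
PermitRootLogin no          # ignored: sshd keeps the first occurrence
Match User backup
    PasswordAuthentication no
"""

HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
"""


def parse_sshd_config(text: str) -> dict:
    """Return {lowercased directive: value} for the global section of sshd_config.

    sshd honours the first occurrence of a directive, so later duplicates are
    ignored. Parsing stops at the first Match block because values inside it
    apply only to matching connections.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)   # 'Key value' or 'Key=value'
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        effective.setdefault(key, value)
    return effective


def check_sshd_config(text: str) -> list:
    """Return [(directive, effective_value, source)] for each directive failing BASELINE.

    `source` is 'config' when the value was set explicitly and 'default' when
    OpenSSH's built-in default is what actually applies.
    """
    found = parse_sshd_config(text)
    findings = []
    for key, acceptable in BASELINE.items():
        if key in found:
            value, source = found[key], "config"
        else:
            value, source = OPENSSH_DEFAULTS[key], "default"
        if not acceptable(value):
            findings.append((key, value, source))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, check_sshd_config(cfg))
```

On the weak sample the check reports four findings, two of which (PasswordAuthentication and MaxAuthTries) come from defaults rather than from any line in the file, which is exactly the class of exposure that only a privileged on-host review catches. On a live host, `sshd -T` prints the fully resolved effective configuration, including Match evaluation, and is the better input to such a check than the file itself.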
Web Application Security Assessment

Features
- Identifies vulnerabilities inherent to a web application, regardless of the technology in which it is implemented or the security of the web server or back-end database on which it is built.
- Discovers vulnerabilities in websites and/or web applications, in either the front-end or the back-end systems.
- When auditing the access control modules of web applications (CMS systems etc.), our team might require temporary user accounts in those applications.

Deliverables
- Technical, detailed report - vulnerabilities are presented, along with remediation solutions and patches.
- Executive-type report - outlines the current findings and presents the data at a macro level.

Database Security Assessment

Features
- Provides an outside-in view of the databases' security posture that is safe for use on production systems.
- The tests are executed without the need to schedule downtime and can operate in a tight maintenance window.
- Database Discovery: we will identify every database by vendor and release level.
- Database Vulnerability Assessment: identifies vulnerabilities and misconfigurations.
- User Rights Review: a comprehensive analysis of users' access and verification that the granted access level is appropriate.

Deliverables
- Technical, detailed report - vulnerabilities are presented, along with remediation solutions and patches.
- Executive-type report - outlines the current findings and presents the data at a macro level.
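The User Rights Review item above describes verifying that each database account holds only the access it needs. The following is an added example, not the page's or any vendor's tooling: a Python review over an exported list of MySQL-style `SHOW GRANTS` statements that maps every account to the findings against a least-privilege baseline (server-wide ALL PRIVILEGES, WITH GRANT OPTION, administrative server privileges such as SUPER or FILE, and logins permitted from any host). The grant lines are constructed for the demonstration and the MySQL grant syntax is the assumed input format; for another vendor the parser would read that vendor's catalog instead, and the checks stay the same.

```python
"""User-rights review over a database grant export (added example, not a vendor tool).

Input is a constructed list of MySQL-style `SHOW GRANTS` lines; the review
maps each account to the findings that exceed a least-privilege baseline.
"""
import re

GRANT_RE = re.compile(
    r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO '(?P<user>[^']*)'@'(?P<host>[^']*)'"
    r"(?P<grantopt> WITH GRANT OPTION)?$"
)

# Server-level privileges that amount to administrative or OS-level access.
ADMIN_PRIVS = ("SUPER", "FILE", "PROCESS", "SHUTDOWN", "CREATE USER")

# Constructed sample export (not real data).
SAMPLE_GRANTS = [
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `shop`.* TO 'app'@'10.0.0.%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'report'@'%'",
    "GRANT SELECT ON `shop`.`orders` TO 'analyst'@'%'",
    "GRANT FILE, SUPER ON *.* TO 'backup'@'localhost'",
]


def parse_grant(line: str):
    """Return (account, privilege set, scope, grant_option) or None if unparseable."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return None
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    account = f"{m.group('user')}@{m.group('host')}"
    return account, privs, m.group("scope"), bool(m.group("grantopt"))


def review_grants(lines):
    """Map every account to its list of findings (an empty list means within baseline).

    Lines the parser does not understand are collected under '<unparsed>' so
    the reviewer sees them instead of silently losing coverage.
    """
    findings = {}
    for line in lines:
        parsed = parse_grant(line)
        if parsed is None:
            findings.setdefault("<unparsed>", []).append(line)
            continue
        account, privs, scope, grant_option = parsed
        issues = findings.setdefault(account, [])
        if account.endswith("@%"):
            issues.append("login allowed from any host ('%')")
        if "ALL PRIVILEGES" in privs and scope == "*.*":
            issues.append("ALL PRIVILEGES on *.*")
        for priv in ADMIN_PRIVS:          # explicit admin grants short of ALL PRIVILEGES
            if priv in privs:
                issues.append(f"server privilege {priv}")
        if grant_option:
            issues.append("WITH GRANT OPTION")
    return findings


def accounts_over_baseline(lines):
    """Sorted accounts with at least one finding (plus '<unparsed>' if any line failed)."""
    return sorted(acct for acct, issues in review_grants(lines).items() if issues)


if __name__ == "__main__":
    for account, issues in review_grants(SAMPLE_GRANTS).items():
        print(account, "->", issues or "within baseline")
```

On the sample the application account `app@10.0.0.%` comes back clean (table-level DML on one schema from one subnet), while the reporting account holds server-wide ALL PRIVILEGES from any host, which is the pattern a rights review exists to surface. Whether an account that is within this baseline still holds more than its job requires is a judgement the reviewer makes with the application owner; the script only makes the comparison repeatable.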