Vulnerability Assessment

Vulnerability Assessment is often a starting point in cyber security tests. Your websites, mobile applications and servers will be scanned for common and known vulnerabilities.

In Singapore, Rapid7, Nessus and Acunetix are recommended as vulnerability scanners for websites and servers. We will first identify common security issues and recommend mitigation solutions. Later, we will discover more complex and cross-functional security issues during Penetration Testing and Source Code Review.

1. Search for common and known vulnerabilities

  • Step 1: Preliminary proposal
    Our consultants will work with you to understand your business objectives and cyber security requirements. Then we will tailor our service to these to deliver maximum benefit.
  • Step 2: Vulnerability assessment
    Our consultants will perform a deep analysis of your information systems to determine the extent of your vulnerabilities. These will be categorised against a criteria of Criticality, Exploitability, Impact and Probability.
  • Step 3: Vulnerability assessment report
    Our consultants will provide you with a detailed report that clearly states the vulnerabilities identified during the assessment, their potential impacts on your business and recommended solutions.

2. Our Services

2.1 Web Vulnerability Assessment (Web VA)

Your web applications are the first and easiest target for hackers. We need to scan your web applications to have an overall insight of your web vulnerabilities.

We can detect the Open Web Application Security Project (OWASP) Top 10 Vulnerabilities:

  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards

2.2 OS Vulnerability Assessment (OS VA)

Networks and operating systems (Windows and Linux servers) are the base infrastructure for all business applications. We need to scan for poorly designed networks or unpatched servers.

The techniques can be performed during the assessment:

  • Unknown and known asset identification
  • Credentialed or network based vulnerability discovery
  • Sensitive content auditing
  • Selective re-scan by host, net, sub-net, etc.
  • Authentication weaknesses
  • Botnet/Malicious
  • Process/Anti-virus auditing
  • Compliance Auditing