VULNERABILITY ASSESSMENT

Vulnerability
Security Vulnerability Assessment (SVA) helps find hidden or undiscovered vulnerabilities in systems and networks. The success of most attacks depends on the existence of vulnerabilities. SVA provides a way to find those vulnerabilities using manual or automated approaches.

Benefits:
  • Helps define and categorize the organization's resources
  • Assigns an importance level to each resource
  • Helps identify potential threats to each resource by analyzing security threats and controlling them with appropriate measures
  • Maintains the technical security level of the network and systems, so that threats can be prevented and detected
  • Supports proper management of patch and system update practices
  • Creates and analyzes the company's security benchmark
  • Helps the risk management process by providing information on the organization's vulnerabilities, which leads to a reduction of risk and liability

Entrust Approach: Develop Strategic, Select Appropriate Tools, Execute SVA Plan, and Develop Report and Post Action.

Penetration Testing:
Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. If the focus is on computer resources, then examples of a successful penetration would be obtaining or subverting confidential documents, pricelists, databases and other protected information. A critical complement to vulnerability scanning, penetration testing proves the extent to which vulnerabilities can be exploited by emulating what a hacker may do in a controlled and methodical approach.

Entrust Solutions offers comprehensive penetration testing and vulnerability assessments to secure your information assets from attackers, both inside and outside your infrastructure. Entrust offers Black Box Testing (no prior knowledge), White Box Testing (with prior knowledge) and Gray Box Testing (a combination of both black box and white box).

Need of Penetration Testing
There are a variety of reasons for performing a penetration test. One of the main reasons is to find vulnerabilities and fix them before an attacker does. Sometimes, the IT department is aware of reported vulnerabilities but needs an outside expert to officially report them so that management will approve the resources necessary to fix them. Having a second set of eyes check out a critical computer system is a good security practice. Testing a new system before it goes online is also a good idea. Another reason for a penetration test is to give the IT department at the target company a chance to respond to an attack. To summarize, the key reasons to perform a penetration test are:

  • Find Holes Now Before Somebody Else Does
  • Report Problems to Management
  • Verify Secure Configurations
  • Security Training For Network Staff
  • Discover Gaps In Compliance
  • Testing New Technology

Solutions

Benefits of an Entrust Penetration Test

  • Avoid the cost of network downtime
  • Find easily correctable weaknesses, like an unpatched server or a default password
  • Provides a basis for planning further security spending, and a justification for it
  • Intelligently manage vulnerabilities
  • Preserve corporate image and customer loyalty
  • Protect business partner relationships

Entrust Approach

  • Segment 1, Network Security Assessment
  • Segment 2, Security Assessment of Server, OS (Web Server, Mail etc.)
  • Segment 3, Security Assessment of Web Applications

Project Deliverables
The results of the project will be documented in a Security Assessment Report, which will include the following:

  • Executive Summary with a matrix of high priority issues identified and “layman’s” description of impact suitable for senior management
  • Technical Overview of issues identified including:
    • Name of application
    • Security weakness (e.g. Input Validation flaw allows Denial of Service Condition)
    • Potential Impact (e.g. High, Medium, Low)
    • Description of impact (e.g. An authorized user can insert invalid input into the application, causing a denial of service condition that requires a full system reset)
    • Evidence of impact (e.g. screen shot, system log extract, system code extract)
    • Technical Description of Suggested Fix (e.g. perform known good input validation of the following form fields in the web application)
    • Videos/screenshots of the successful attack patterns, to be used to highlight the issues for management