Vulnerability Assessment
The goal of a Vigilant Cyber Services vulnerability assessment is to proactively identify security risks and vulnerabilities that may allow access to confidential areas of a network or unauthorized access to corporate assets within the organization. This assessment will produce a deliverable cataloging potential vulnerabilities in the environment and outlining a remediation strategy to resolve the listed issues.
External Vulnerability Assessment
Assess the environment from the external or public view to identify vulnerabilities that may allow access to confidential areas of a network, allow a denial of service to be performed, or allow sensitive internal information to be obtained.
Internal Vulnerability Assessment
Assess the environment from the internal view of the network to identify vulnerabilities that may allow access to confidential areas of a network, allow a denial of service to be performed, or allow sensitive internal information to be obtained. Password complexity is also verified, virus protection and patch management are assessed, and a sample of servers and workstations is reviewed to provide recommendations on how to enhance the organization's security posture.
Penetration Testing
Vigilant Cyber Services utilizes penetration testing to confirm the true risk state of vulnerabilities identified during or after a vulnerability assessment. Whereas a vulnerability assessment pinpoints and documents weaknesses in a system, penetration testing takes it to the next step and manually exploits the identified vulnerability. Through the vulnerability exploitation process, Vigilant Cyber Services engineers will gain root or administrator-level access to the target systems and other trusted user account access.
During this process, advanced tools and proprietary utilities will be used to maintain availability of the servers while gaining access to potentially vulnerable services. After manual verification of the information from the testing, Vigilant Cyber Services will provide a mitigation plan to secure the systems and prevent the information from being accessed. Vigilant Cyber Services is the de facto expert in the penetration testing sector and covers a variety of technologies, including but not limited to:
- Perimeter Segments (DMZ, RAS, & Extranet)
- Internal Segments (LAN, WAN, & VPN)
- Wireless Networking (WLAN & WWAN)
- Telephony (VoIP & Traditional TDM)
- Virtualization Infrastructure (Server, Desktop, Cloud)
- Application Architecture (Web, Database, & Stand-Alone)
- Mobile Cloud Computing (BYOD Systems)
Application & Database Assessment / Penetration Testing
Vigilant Cyber Services application assessments determine if it is possible to breach or compromise system applications throughout the enterprise system and ensure that all tiers of the application and database architecture are properly secured on both the server side and the client side. Vigilant Cyber Services will focus on safeguarding the application system, all application sub-systems, and the surrounding infrastructure from threats, vulnerabilities, or exploitation. The assessments include various application and database attack methods such as:
- SQL Injection
- Cross-Site Scripting
- Arbitrary Code Execution
- Authentication Bypass
- Input Validation / Input Tampering
- URL Manipulation
- Hidden Variable Manipulation
- Buffer Overflows
- Cookie Modification
Vigilant Cyber Services application penetration testing is a key technique for verifying the security of applications. Combining manual testing with manual code review makes our hybrid application verification approach more comprehensive and more accurate than any other method.
Vigilant Cyber Services performs application penetration testing on complex enterprise applications for both large and small organizations. Our specialty is applications with complex architectures and security features. Over many years, we have tuned our process to be extremely efficient and effective.
Application penetration testing is uniquely effective at demonstrating the exploitability of a vulnerability. Manual penetration testing is also frequently the only way that environmental security controls, such as web application firewalls, URL-based access control mechanisms, and centralized authentication gateways, can be tested. If code is not available, then creative penetration testing is the only way to generate assurance.
Application Code Review
Vigilant Cyber Services has unparalleled experience verifying the security of the code for complex enterprise applications. We verify all lines of code across a wide range of platforms and frameworks. Over many years, we have tuned our process to be extremely efficient and effective. Many vulnerabilities cannot be discovered without looking at the code, and for many other flaws, code review is simply more efficient than scanning or testing. Manual code review is the only way that several key security controls can be verified, including access control, encryption, data protection, logging, and back-end system communications and usage.
Manual code review is also very useful in identifying the attack surface of an application and tracing how data flows through an application from its sources to its sinks. Manual code review helps Vigilant Cyber Services understand the actual security architecture as implemented, so that we can isolate architectural flaws.
Vigilant Cyber Services has deep experience with virtually all modern software environments and frameworks, including C/C++, Java, .NET, ASP, Oracle, ColdFusion, Ajax, Struts, Spring, and many more. Even if the application code was not developed internally or as a home brew, Vigilant Cyber Services will work with any third-party software provider.
Secure Application Architecture & Design
Furthermore, Vigilant Cyber Services can assist not only in making your application more secure but also in having it operate in a state of efficient performance. We help design, implement, and deploy secure applications for any need within your business model.