Vulnerability testing is intended to evaluate the overall security posture of your enterprise from the perspective of an anonymous source on the Internet, with respect to the services your company makes available across the Internet. It will help you identify security gaps and provide remediation guidance.
External Vulnerability Assessment
External Security Assessments are intended to evaluate the overall security posture of your enterprise from the perspective of an anonymous source on the Internet. Our methodology starts with a process called “Fingerprinting,” during which we perform reconnaissance on the target organization by reviewing public sources of information (such as network registrars, DNS servers, email servers, routing tables and public special interest groups). The goal is to evaluate what information is available for an anonymous attacker to gather as a base for starting an attack, or to feed into a parallel route that might exploit non-technical weaknesses.
Internal Vulnerability Assessment
Internal Vulnerability Assessments differ from external assessments in that their goal is to evaluate the overall security posture of the enterprise against potential attacks from “insiders,” other trusted parties or an attacker who has already successfully penetrated the perimeter of the organization. In conjunction with the Enterprise Architecture Assessment as a first step, we perform technical testing with the QualysGuard Vulnerability Manager platform using a scanning profile that is mutually selected for the assets in scope of the review. With the data we collect during the technical testing phase and in conjunction with information gathered during the Architecture Assessment, we then perform extensive root cause analysis prior to compiling a summary report of findings.