Vulnerability Assessment

The Vulnerability Assessment represents the first level of the Proactive Security services. It is a security test based on the execution of non-invasive, automated and semi-automated scans, that are conducted with carefully selected open source and proprietary tools in order to detect the presence of known vulnerabilities within the analyzed IT infrastructure. The scan results are afterwards reviewed by highly qualified personnel, in order to remove the false positives and negatives that are potentially introduced by automated analysis tools.

Purpose

Promptly isolating the vulnerabilities actually present on the public network perimeter or within the private corporate network, the Vulnerability Assessment service enables the Client to maintain an up-to-date vision of the robustness of its IT systems, minimizing the security management efforts.

 

Scope

In order to assess the security level of the analyzed IT infrastructure, the team of specialists does not limit the analysis to the services exposed to attacks coming from the Internet, but it is capable to work on the following targets as well: servers, workstations, network equipment, and firewall devices exposed on the external perimeter or reachable from the private network. Moreover, scanning of application platforms is supported, covering both the web front-ends and the back-end databases. All the tests can be carried out from privileged position, in order to obtain an in-field assessment of the vulnerabilities that cannot be detected by means of attacks conducted solely from an external point of view. In detail, the Vulnerability Assessment can be targeted to the following technological scenarios:


Infrastructure and services Application platforms
Servers Web servers
Workstations Web 1.0 front-end
Network equipment Web 2.0 front-end
Firewall devices Back-end databases

 

 

Tools

In order to provide an independent, objective, and repeatable security evaluation, the Vulnerability Assessment is performed employing the best open source and  proprietary software tools, that guarantee the compliance with the relevant international standards (ISO/IEC 27001:2005, ISO/ IEC 27002:2005, ISO/IEC 27005:2008, ITIL, COBIT, GAO, FISCAM, PCI, SOX, HIPAA, CASPR, SET, NIST Best Practices, D.lgs 196/2003, other data protection laws).

Professional resources

To carry out the described activities, only highly qualified personnel with proven experience is employed by @ Mediaservice.net, holding internationally recognized professional certifications (CISSP, OPSA, OPST, OWSE, CISA, CISM, GCFA, ISO 27001 Lead Auditor, etc.). These certifications guarantee both advanced technical skills and high ethical profile of the specialists in charge of the tests.

Depending on the agreements between the parties, the professional resources will work in team at @ Mediaservice.net labs or within Client's premises.

Vulnerability Assessment - 366,67 kB Download the service datasheet.