Vulnerability Assessment

Vulnerability Assessment, Penetration Test

There are two ways to get an objective view of your security infrastructure.  One is to have it tested by a third party.  Another is to be targeted by an attacker.  We prefer option one, and that’s where our Vulnerability Assessment service comes in (sometimes called a Penetration Test).  We target your network like an attacker would, providing you with real-world data and mitigation strategies you can use to reduce your risk.

With our popular Vulnerability Assessment, you will:

  • Take advantage of our time-tested, repeatable methodology, customized to your specific needs
  • Set the scope to cover what you need – from single, critical systems, to assessments that cover large, multi-site environments
  • Comply with security regulations that mandate third-party testing
  • Show your customers your commitment to security
  • Provide extensive data for auditors
  • Enjoy our proven testing process, which combines dozens of different tools with our years of experience to thoroughly assess your security infrastructure
  • Gain a clear picture of your vulnerabilities by proactively looking for holes just the way an attacker would
  • Prove your security and remediation efforts with our popular Follow Up Assessment
  • Use our comprehensive report in both the server room and board room

Service Details:

Initial Surveying:
We will survey the network address range to gather any information that may be relevant, such as Domain Names, Server Names, Email addresses, IP Addresses, ISP and hosting provider information, System, and Service Owners.

Port Scanning:
After gathering basic network information, we port scan the network using various scanning techniques which may include, but are not limited to: UDP scan, TCP SYN scan, TCP FIN scan, and Xmas scan.

System Fingerprinting:
With the basic information in hand, we dig deeper to determine machine-specific Information through system fingerprinting.

Services Identification:
We fingerprint each listening service to determine what application is running on each listening port, as well as the version of that application.

Automated Vulnerability Scanning:
We use various automated vulnerability scanners on the network.  These typically include open source tools, commercial tools, cgi scanning tools, as well as proprietary scanners.  In most cases, multiple tools will be run in order to compensate for an individual scanner’s weaknesses and to provide more accurate results.

Vulnerability Research:
After we have a detailed listing of applications and general overview of vulnerabilities, we conduct vulnerability research from our own vulnerability databases, online databases and security mailing lists to determine threat levels based on industry best practices.

SQL/Application Testing (if applicable):
From an external source, we test any SQL applications through CGI scripts to locate possible server-side code vulnerabilities.  CGI scripts will be tested with and without malformed data.  Also, each script will be tested with standalone invocation (i.e. not from a webform) to test how they handle unexpected data and unexpected runtime. Permissions on scripts and web server environment will be tested.  We test user inputs for input validation and SQL injection vulnerabilities.

Password Testing (if applicable):
We test any log-in fields found in web forms via brute force using a list of common usernames and passwords.  Common passwords and usernames (depending on application and speed of server) will be combined to form 10,000 to 50,000 password/username combinations in an attempt to guess a successful login combination.

Manual Vulnerability Testing and Verification:
During a vulnerability assessment, it is critical for a qualified engineer to manually review vulnerabilities that are produced during automated scanning.  Automated tools can produce false positives and even worse, false negatives.  Each vulnerability discovered will be reviewed and, where necessary and possible, tested to verify that it constitutes a threat.

Firewall & Access Control List Testing:
During this step the firewall will be fingerprinted and analyzed.  We will perform ACL testing to make sure the firewall/ACLs are stopping potentially harmful traffic.  This step may include firewalking to determine filter rules and assist in mapping the network.

Router Testing (if applicable):
We probe the external router(s) that connect the network to the Internet for vulnerabilities.  Where possible the border network devices may be brute force tested with a set of common usernames and passwords.  Border router security is overlooked in many cases.

Report & Recommendations:
A detailed, custom-written report will be created based on the data gathered above.  It will contain information about methodologies used in the assessment, details of the scan results, details of each host found, and vulnerabilities discovered.  In addition, we provide recommendations on how to mitigate each vulnerability discovered.

Follow Up Assessment (Optional)
After the initial assessment is complete, Webfargo will perform a follow up assessment on any vulnerabilities found.  This is a reduced-scope assessment, and will only include the vulnerabilities discovered during the primary assessment(s).  The goal of the follow up assessment is to check to see if the vulnerabilities still exist after your remediation efforts.  The associated report will indicate whether your have appropriately addressed the vulnerabilities or if there is still work to be done.