Brisk Infosec conducts Vulnerability Assessment by combining both manual techniques and automated tools to find vulnerabilities which are present. We pro-actively manage these assessments and ensure that false positives are kept to a minimum.
- Identify and understand the business processes to focus on critical and sensitive
- Finding hidden data sources as they often contain the Most Sensitive Data of organisation.
- Scan applications to test for new attack vectors, broken links and accessibility issues
- Vulnerability analysis used to identify weakness that could be exploited
Brisk Infosec’s Methodologies for Vulnerability Assessment is as follows
1. Information Gathering and Requirement Analysis
2. Test Execution
3. Vulnerability Analysis
Brisk Infosec conducts Vulnerability Assessment by both manual techniques and automated tools on all information systems and information system components of the company. It includes:
- Web Application, Mobile application, Servers, Databases etc.
- Mainframes, servers and other devices that provide centralised computing capabilities.
- SAN, NAS and other devices that provide centralised storage capabilities.
- Desktops, laptops and other devices that provide distributed computing capabilities.
- Routers, switches and other devices that provide network capabilities.
We follow the standards as per the client’s requirement and nature of the assessment, such as:
- PCI DSS
Improve Your Overall Security Posture, helps to identify almost all vulnerabilities, and helps to detect, prevent, respond to or mitigate cyber-attacks. Helps to identify the preexisting flaws in their code and their location.
Who should be involved in the tests?
Be meticulous when selecting members of the organisation to be involved with the test. Sufficient support should be provided to ensure safety and to make sure the testing and environment are properly scoped to meet the required objectives. Excessive involvement from multiple people and departments may cause confusion, create delays or jeopardise the results of testing detection capabilities.
How often should you conduct a Vulnerability Assessment or Penetration Test?
Vulnerability assessments are typically performed upon a significant change in the environment or at least quarterly to help ensure issues haven’t gone unnoticed throughout various upgrades, patches, and other changes that occur regularly within a company. Penetration tests are typically required to be performed annually based upon requirements set by various regulatory bodies and compliance frameworks.
Should testing take place against test or production systems?
Testing on production systems can limit the techniques employed during the test, which may produce inaccurate results regarding system security. If possible, penetration testing should be conducted against test or development systems so that potentially intrusive techniques can be used without jeopardizing the safety of the production environment. The one thing to be cautious of is that your test environment should be an exact replication of production, or you could end up with invalid results and a false sense of security.
What are the vulnerability assessment types Brisk Infosec performs?
Brisk Infosec follow different types of vulnerability assessment as follows
- Host assessment
- Network assessment
- Automated assessment
It completely depends on the client’s requirement and their environment.