The overall objective of a Vulnerability Assessment is to scan, investigate, analyze and report on the level of risk associated with any security vulnerabilities discovered on your organization's public, internet-facing devices, and to provide appropriate mitigation strategies to address them. The Risk Based Security Vulnerability Assessment methodology has been designed to comprehensively identify, classify and analyze known vulnerabilities in order to recommend the right mitigation actions to resolve the vulnerabilities discovered.
Data Gathering & Project Setup
- Review of the project assumptions;
- Detail the list of IP addresses to be scanned;
- Arrange to configure the IDS/IPS to accept the originating IP address of the scans;
- Optional scan using user credentials;
- Contact information for both parties; and
- Plan the scans including time-of-day.
Scanning Tools Set-up
Conduct Vulnerability Scans
- Perform an in-depth scan of the IP addresses provided, plus any optional user-credential scans, to identify security weaknesses and vulnerabilities.
Vulnerability Research & Verification
- Verify all vulnerabilities discovered;
- Identify false positives;
- Determine the potential impact of exploited vulnerabilities;
- Prioritize remediation efforts; and
- Generate specific recommendations for remediation.
Report Creation & Project Close-out
- Deliver a final report;
- Scheduled project close-out teleconference;
- Ensure full understanding of the recommended remediation actions; and
- Facilitate an effective knowledge transfer.