Methodology applied to this type of service:

At this stage, we focus on gathering information on the client’s assets which are exposed on the internet via metadata or public sources. Our consultants then utilize our company’s tools or free software applications to trace the organization’s footprint on the internet and thus create an attack surface.

How vulnerable are your assets that are exposed on the internet?

We perform a scan of services and assets that are exposed (public) by searching for known vulnerabilities or unknown exploitation methods.

During this phase, we perform ports scans and vulnerabilities assessments in all computers, devices, databases and/or network equipment according to the required services that were previously agreed upon with the client.

After this stage, we classify the found vulnerabilities as critical, high, medium or low, to later facilitate their resolution according to the level of criticality for the impacted cyber asset.

Our service entails two phases or approaches in security testing. The first one is a passive phase where we observe and learn how the applications works. The goal is to understand the logic behind each operation and identify the potential attack vectors and/or vulnerabilities. Then, there is a second phase during which the proposed tests are actively executed according to the previously-identified vectors

Through this string of analyses, we assess the predominant level of security within the application and identify any weaknesses and/or vulnerabilities that could allow unauthorized access to the client’s private resources. After this examination is complete we are able to provide global recommendations on required actions to mitigate the associated risks.