Implementation method

Step 1
Network-based vulnerability scan: Identify open ports and the services running on them, then assess the vulnerabilities that may be related to those services. The scan is performed with specialized tools for scanning and diagnosing network vulnerabilities.
Step 2
Application vulnerability scan: Identify published application vulnerabilities, or weaknesses caused by insecure configuration of the deployment infrastructure or the application (web, web service, ...).
Step 3
Wireless vulnerability scan: Identify rogue access points and scan for unsafe wireless network configurations.

Results

The result report includes the following:
Overview of objectives, scope of implementation.
Summary of approach, implementation methodology.
A report of identified vulnerabilities in the systems and their severity.
For each vulnerability: severity level (critical, high, medium, low) / CVSS score, detailed description, reference link, location/parameter of that vulnerability on the system, analysis of whether it can be exploited internally/externally, proof of concept (PoC), steps to reproduce the PoC, ...
The remediation for each vulnerability in the listed systems in the scope of work:
  • Detailed troubleshooting guide: instructions to fix source code, instructions to configure the system, links to download the patches, ...
  • Plan to minimize risks or temporarily fix vulnerabilities that cannot be completely handled.