Cyber 51 LLC
267 Kentlands Blvd. #800, Gaithersburg, Maryland, 20878, USA
Email: info@cyber51.com
Phone: (301) 830-6702
What is a Vulnerability Assessment?
A vulnerability assessment checks Network components (Firewalls, Routers, Servers etc.), Web
Application Components (Websites, Portals, Restricted Web Access Systems etc.), or both. The goal of
the vulnerability assessment is to find loopholes in security that would allow an intruder to gain
unauthorized access.
• Checks Network equipment (Servers, Routers etc.) for Vulnerabilities
• Checks Web Applications (Websites, Portals etc.) for Vulnerabilities
• Same Checks Hackers employ prior to hacking into a client network
What Checks are performed in a vulnerability assessment?
The checks include the search for known and unknown system or web application vulnerabilities,
missing patch levels, out-of-date operating systems, out-of-date software revisions, as well as
open and exposed ports.
• Known and Unknown Vulnerabilities in Network or Web App components
• Out of date software / hardware in use
• Missing patches
• Open and exposed services and ports
Why a Vulnerability Assessment?
Organized crime, but also hackers with a pure interest in destruction, attack millions of
Internet-facing customer networks daily. If you care about your IT infrastructure and you want it
safeguarded, you should regularly have vulnerability assessments performed, before a malicious
hacker exploits potential weaknesses.
• Variety of hackers who do it for fame, financial gain or just for fun
• Mainly untraceable by law enforcement as attacks come from countries with little IT
legislation (China, Russia, South America, Bangladesh etc.)
 
What’s the difference between a Vulnerability Assessment and a Penetration Test?
A vulnerability assessment is part of a Penetration Test and constitutes the first phases. In a
vulnerability assessment the customer receives a report which outlines all the different vulnerabilities
encountered, advises on missing patch levels and out-of-date hardware and software, and provides
mitigation advice to close the loopholes.
A Penetration Test, on the other hand, will then also try to actively hack all systems where
vulnerabilities have been encountered. For small businesses a Vulnerability Assessment is
usually sufficient. A vulnerability assessment is non-intrusive, which means no harmful actions
are performed against the tested systems.
• Vulnerability Assessment: Checks and advises on vulnerabilities
• Penetration Test: Attempts full hack based on the vulnerabilities found
Why should SMB clients have their systems and applications checked?
Hackers don’t care whether the target is a Fortune 500 company or a small online flower shop.
Being small doesn’t prevent a business from being attacked. Every system which is
exposed to the Internet shares an equal risk of being hacked.
• Often less security in place than at Fortune 500 companies
• Hackers don’t differentiate between targets and often choose the least secure
• Systems that are exposed to the Internet share an equal risk
What does the free Vulnerability Assessment contain and how does it differ from the paid
service?
The customer will be able to choose 1 system (IP address) or 1 Web Application they would like
to be assessed. The customer will then receive a basic report, which highlights the vulnerabilities
found. This is a basic report only. The paid service checks multiple IP addresses (Servers / Web
Applications) and is accompanied by a highly comprehensive report which outlines all
vulnerabilities, missing patch levels, out-of-date hardware and software, and open ports. Additionally it
will also contain complete mitigation advice and a debrief call.
• Free Vulnerability Assessment: 1 system or Web App checked – Basic Report
• Paid Vulnerability Assessment: Checks against all chosen systems / Web Apps. Detailed
Report, Detailed Mitigation Advice, Kick-off and Debrief Calls
 
How many systems actually have vulnerabilities?
In our assessments we find that 95% of all of our clients have at least one critical,
high or medium severity vulnerability.
• 95% of all systems and Web Apps have vulnerabilities
• We haven’t had a single customer where we were not able to break security eventually.
Why are there so many vulnerabilities?
The IT landscape changes at rapid speed. Businesses use a lot of open source software, don’t
maintain the latest software revisions, and have unnecessary services and ports exposed to the Internet,
but are unaware of the security holes they are introducing.
• Wrong configuration of servers
• Weak Application Coding
• Use of Open Source software
• Exposing unneeded ports and services to the Internet
CONTACT US TODAY!
• Get a Free Consultation Call and Quotation
• Get a Penetration Test Sample Report

9. Vulnerability Assessments-cyber51
