Advanced Vulnerability Assessment
Last updated
Advanced Vulnerability Assessment is a combination of a system vulnerability audit with an application vulnerability audit for a 360° view of your security level.
The AVA service is operated by a cybersecurity engineer who will perform a set of security tests on the selected targets and provide you with a complete and comprehensive audit report. For each identified vulnerability, the report provides: criticality, description, attack vector, potential impact and solution.
The AVA service is based on two market-leading and complementary vulnerability audit solutions:
- Qualys Vulnerability Management for system, infrastructure and middleware vulnerabilities (CVE)
  - Vulnerability scanning of the public and private IP addresses of all components of your application
- Acunetix for web application vulnerabilities (OWASP Top 10)
  - Dynamic Application Security Testing (DAST) solution
  - Unauthenticated scan: testing the resistance of authentication forms, enrolment forms, password resets, etc.
  - Authenticated scan: exploitation of internal application functions, data partitioning, elevation of privileges, etc.
  - API scan: supported API types are SOAP/XML, REST and GraphQL
Identify and fix your security vulnerabilities before others exploit them!
The first step is to define the perimeter that requires a security test. This scope must include every server that interacts with the application service.
In this example, it will be:
- All servers exposed on the frontend.
- All servers that compute the service in the backend.
- All related servers, such as database (BDD) servers.
The service is divided into two steps:
- System and infrastructure vulnerability scanner: you need to identify all active servers in the service.
- Web application scanner: the URL of the application and a scan profile need to be provided.
All of this information needs to be filled in a "Technical qualification questionnaire" document, which helps you identify the scope.
Three reports will be sent:
- A report from cegedim.cloud summarizing all the information and providing recommendations on the security status of the product
- A Qualys scanner report with all system vulnerabilities
- An Acunetix report with all web application vulnerabilities