English
cegedim.cloud ITCare API
Privacy

Advanced Vulnerability Assessment

Description

Advanced Vulnerability Assessment is a combination of a system vulnerability audit with an application vulnerability audit for a 360° view of your security level.

The AVA service is operated by a cybersecurity engineer who will perform a set of security tests on the selected targets and provide you with a complete and comprehensive audit report. For each identified vulnerability, the report provides: criticality, description, attack vector, potential impact and solution.

The AVA service is based on two market-leading and complementary vulnerability audit solutions:

  • Qualys Vulnerability Management for system, infrastructure and middleware vulnerabilities (CVE)

    • Vulnerability scanning of public and private IP addresses of all components of your application

  • Acunetix for web application vulnerabilities (OWASP Top 10)

    • Dynamic Application Security Testing (DAST) solution

    • Unauthenticated scan: testing the resistance of authentication forms, enrolment forms, password resets, etc.

    • Authenticated scan: exploitation of internal application functions, data partitioning, elevation of privileges, etc.

    • API Scan: Supported API types: SOAP/XML, REST, GraphQL

Identify and fix your security vulnerabilities before others exploit them!

Quick Start

The first step is to evaluate the perimeter requiring a security test. This scope must include all servers that interact with the application service.

In this example, it will be :

  • All servers exposed on the frontend.

  • All servers that compute the service in the backend.

  • All related servers, like BDD servers.

Conduct

The service is divided in two steps:

  1. System and infrastructure vulnerability scanner: You need to identify all active servers in the service.

  2. A web application scanner: the URL of the application + a scan profile needs to be delivered.

All this informations needs to be filled inside a "Technical qualification questionnaire" document to help you identify the scope.

Reports

Three reports will be sent:

  • A report from cegedim.cloud summarizing all the information and providing recommendations on the security status of the product

  • A Qualys Scanner report with all system vulnerabilities

  • An Acunetix report with all web application vulnerabilities

PreviousExtraHopNextBot Defense

Last updated