Advanced Vulnerability Assessment


Last updated 1 year ago

Description

Advanced Vulnerability Assessment (AVA) combines a system vulnerability audit with an application vulnerability audit to give a 360° view of your security level.

The AVA service is operated by a cybersecurity engineer who performs a set of security tests on the selected targets and delivers a complete audit report. For each identified vulnerability, the report gives its criticality, a description, the attack vector, the potential impact and the recommended fix.

The AVA service is based on two market-leading and complementary vulnerability audit solutions:

  • Qualys Vulnerability Management for system, infrastructure and middleware vulnerabilities (CVE)

    • Vulnerability scanning of public and private IP addresses of all components of your application

  • Acunetix for web application vulnerabilities (OWASP Top 10)

    • Dynamic Application Security Testing (DAST) solution

    • Unauthenticated scan: tests the parts of the application reachable without a session, such as the resistance of authentication forms, enrolment forms and password-reset flows

    • Authenticated scan: tests the functions available once logged in, including abuse of internal application functions, data partitioning between accounts and elevation of privileges

    • API scan: supported API types are SOAP/XML, REST and GraphQL

Identify and fix your security vulnerabilities before others exploit them!

Quick Start

The first step is to define the scope of the security test. This scope must include every server that interacts with the application service.

For a typical application, the scope is:

  • All servers exposed on the frontend.

  • All servers that compute the service in the backend.

  • All related servers, such as database servers.

Conduct

The service is delivered in two steps:

  1. System and infrastructure vulnerability scan: you need to identify all active servers in the service, with their public and private IP addresses.

  2. Web application scan: the URL of the application and a scan profile (unauthenticated, authenticated or API scan, as listed above) must be supplied.

All of this information must be entered in the "Technical qualification questionnaire" document, which also helps you define the scope.
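The scope rule above ("every server that interacts with the application service") is easy to get wrong by hand: a database or directory server that only the backend talks to is forgotten, or a host is listed with a mistyped address. The following is an added example, not cegedim.cloud's own tooling and not part of the questionnaire: it walks the dependency graph of a constructed inventory starting from the frontend hosts, splits the reached hosts into the public and private IP lists the system scan needs, and flags three things a reviewer should resolve before sending the questionnaire: dependencies missing from the inventory, hosts nobody reaches from the frontend, and invalid addresses. The inventory, host names and the RFC 1918 private/public split are assumptions for illustration.

```python
"""Build the system-scan scope of an AVA engagement from an application inventory.

Added example (not cegedim.cloud's tooling). The inventory below is constructed.
"""
import ipaddress
from collections import deque

# Constructed inventory: host -> (IP address, tier, hosts it talks to).
# Tiers follow the page's scope rule: frontend, backend and related (database) servers.
INVENTORY = {
    "web-01":    ("203.0.113.10", "frontend", ["app-01", "app-02"]),
    "web-02":    ("203.0.113.11", "frontend", ["app-01", "app-02"]),
    "app-01":    ("10.20.0.11",   "backend",  ["db-01", "cache-01", "legacy-01"]),
    "app-02":    ("10.20.0.12",   "backend",  ["db-01", "cache-01", "ldap-01"]),  # ldap-01 not listed
    "db-01":     ("10.20.1.5",    "database", []),
    "cache-01":  ("10.20.1.9",    "database", []),
    "report-01": ("10.20.2.4",    "backend",  ["db-01"]),   # only used by a nightly batch job
    "legacy-01": ("10.20.999.1",  "backend",  []),          # mistyped address
}

# Assumption for this example: RFC 1918 (and IPv6 ULA) addresses are "private",
# everything else is "public". Python's ip.is_global is not used because it also
# treats documentation ranges such as 203.0.113.0/24 as non-global.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def is_private(ip):
    return any(ip in net for net in PRIVATE_NETS)


def build_scope(inventory, entry_tier="frontend"):
    """Walk dependencies from the entry-tier hosts and return the scan scope
    together with everything that needs a human decision."""
    entry_points = [h for h, (_, tier, _) in inventory.items() if tier == entry_tier]
    reached = set(entry_points)
    missing = set()                      # referenced as a dependency, absent from inventory
    queue = deque(entry_points)
    while queue:                         # breadth-first walk of the dependency graph
        host = queue.popleft()
        for dep in inventory[host][2]:
            if dep not in inventory:
                missing.add(dep)
            elif dep not in reached:
                reached.add(dep)
                queue.append(dep)

    public_ips, private_ips, invalid = [], [], []
    for host in sorted(reached):
        raw = inventory[host][0]
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            invalid.append(host)         # keep it out of the target lists, report it
            continue
        (private_ips if is_private(ip) else public_ips).append(str(ip))

    return {
        "hosts": sorted(reached),
        "public_ips": sorted(public_ips, key=ipaddress.ip_address),
        "private_ips": sorted(private_ips, key=ipaddress.ip_address),
        "missing_from_inventory": sorted(missing),
        "not_reached_from_entry": sorted(set(inventory) - reached),
        "invalid_ips": sorted(invalid),
    }


def scope_is_complete(scope):
    """True only when nothing is missing or malformed; unreached hosts are a
    warning (they may be legitimately out of scope) rather than a blocker."""
    return not (scope["missing_from_inventory"] or scope["invalid_ips"])


if __name__ == "__main__":
    scope = build_scope(INVENTORY)
    for key, value in scope.items():
        print(f"{key:24} {value}")
    print("ready to submit:", scope_is_complete(scope))
```

Run as is, the walk pulls db-01 and cache-01 into scope even though only the backend talks to them, reports ldap-01 as a dependency that is not in the inventory, flags report-01 as a host the frontend never reaches (to be confirmed in or out of scope) and excludes legacy-01 from the IP lists because its address is invalid; the scope is therefore not yet ready to submit.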

Reports

Three reports are delivered:

  • A report from cegedim.cloud summarizing all the information and providing recommendations on the security status of the product

  • A Qualys Scanner report with all system vulnerabilities

  • An Acunetix report with all web application vulnerabilities

Example