VULPEN (Vulnerability Assessment & Penetration testing)

vulpenThe automated vulnerability scanning solution provided by CyCops Security helps to ensure the security of your external facing network devices by providing timely and up to date vulnerability scans.ScanningCyCops Security uses two of the world's leading scanning products to provide the automated scanning solution. Both of these products are network-based scanners that can detect vulnerabilities on all networked assets, including servers, network devices, peripherals and workstations.The scans include checks for thousands of security vulnerabilities and are regularly updated as new vulnerabilities are announced.

Network Mapping

An optional network mapping component can be included in the package that will review your external network and report on which IPS are active and detect any changes in your external facing network.

Scan Analysis

An optional component can be included which provides analysis of the reports by a CyCops Security team member to highlight and quantify the risk of issues reported.

Key Points

  • Provides a higher level of security assurance than snapshot 'point in time' vulnerability scans
  • Both of the backend scanning products are approved PCI scanning vendors and can be used for PCI required network scans
  • Customized reports range from summary executive reports through to full technical details reports
  • Scan data is kept secure at all times, and reports are delivered in a secure manner

Penetration Testing

Penetration testing simulates an attacker attempting to gain access to a specified target server or application. A penetration test involves the use of automated testing tools as well as manual test methods to review the security from an external or internal perspective.

External Penetration Testing

Externally facing systems are constantly at risk to attack from the Internet. Newly developed applications and servers to be deployed should all be tested prior to making them publically accessible to ensure the security of the network as a whole.The team at Cycops Security has years of experience in carrying out penetration tests against externally facing network devices, servers and web applications developed on all platforms, and can assure you of a high level of security after a review has been completed.

Internal Penetration Testing

It is common knowledge that a large number of information security attacks occur from within. By allowing Cycops to step into the role of an employee, we are able to review the network from the inside to determine the security posture of the internal network.Usually specific targets are set, such as accounting/payroll/research systems, with the aim of gaining unauthorized access to the targets from various starting points.

Review Includes

  • Attempted unauthorized access to applications, user data, services or internal network devices
  • Credential brute forcing and password guessing
  • Researching previously undiscovered vulnerabilities
  • Testing for all known web application vulnerabilities
  • Vulnerability assessment and network service review Increasing The Value of Penetration Testing is a presentation and white paper, which explains how you as a customer can gain more value from penetration testing.