Internet Vulnerability Assessment & Penetration Testing

Test Objective

 

The test assesses the security of the organization’s systems against Internet-based attacks.

 

 

Audit Serve’s Internet Vulnerability Assessment & Penetration Testing Methodology

 

Step 1: Network Mapping and Discovery

  • Technical information provided by the client
  • Use publicly available information such as ARIN WHOIS Search to verify IP ranges provided by the client
  • Use QualysGuard tool licensed by Audit Serve to identify intermediary network devices

 

Step 2:  Target Identification and Service Discovery

  • Use a port scanner to scan all TCP/UDP ports on all IP addresses
  • Use QualysGuard tool licensed by Audit Serve to provide additional verification of open ports and to identify services which are available
  • Audit Serve performs additional manual tests to identify services available to intruders

 

Step 3: Vulnerability Identification, Analysis and Risk Validation

  • Use QualysGuard tool licensed by Audit Serve to identify known security vulnerabilities and poor system configuration
  • Perform analysis of vulnerabilities and determine whether they are false positives based on validation of system configuration
  • Conduct interviews with the client to discuss the use of technology where vulnerabilities were discovered, in order to determine residual risk

 

Step 4:  Active Exploitation

  • Use exploitation components of the QualysGuard tool licensed by Audit Serve
  • Run password cracking tools to disclose accounts

 

Step 5:  Remedial Advisory

  • Provide guidance on remedial action to reduce risk of vulnerabilities identified to acceptable levels

Audit Serve’s Internet Vulnerability Assessment & Penetration Report

Our penetration test report contains two parts:  

 

  • An executive summary intended for senior management which highlights the findings and action items from the penetration test
  • Detailed findings and action items that describe the vulnerabilities discovered, their impact and how to fix each one

Common Usage of the Service  

  • Many organizations are required to conduct independent penetration tests by various government regulatory agencies.
  • One of the key control requirements of a SAS 70 is to perform independent penetration testing.
  • Most organizations’ Sarbanes-Oxley IT General Controls require annual independent penetration testing.

Complete the Work Order Request Form and fax to (203) 972-3367 to start the penetration test of your organization.

Cost of Service

 

| Service | 1 – 3 IP Addresses | 4 – 7 IP Addresses | 8 – 15 IP Addresses | 16 – 35 IP Addresses |
|---|---|---|---|---|
| One Time Scan & report w/o rerun option | $1295 | $1675 | $2875 | $4500 |
| One Time Scan & report with rerun | $2500 | $3500 | $5600 | $9000 |
| Quarterly Scan & report | $2500 | $3500 | $5600 | $9000 |
| Quarterly Scan & report with rerun | $5000 | $7000 | $9000 | $16,000 |

The rerun option allows for a subsequent scan to be run after the organization completes the remediation of issues identified during the initial scan.   If the rerun option is selected, the initial deliverable will be a report of issues.  After the rerun is performed, the final report will be issued. 

 
