Test Objective
Conduct a test of the application code for security vulnerabilities which meets OWASP standards and PCI requirements
Audit Serve’s Application Level Vulnerability Assessment & Penetration Testing Methodology
Step 1: Vulnerability Identification, Analysis and Risk Validation
- Use Qualys WAS tool licensed by Audit Serve to identify known security vulnerabilities and poor system configuration
- Perform analysis of vulnerabilities and determine whether they are false positives based on validation of system configuration
- Conduct interviews with the client to discuss the use of technology where vulnerabilities were discovered, in order to determine residual risk
Step 2: Active Exploitation
- Use exploitation components of the Qualys WAS tool licensed by Audit Serve
- Run password cracking tools to disclose accounts
Step 3: Remedial Advisory
- Provide guidance on remedial action to reduce risk of vulnerabilities identified to acceptable levels
Audit Serve’s Internet Vulnerability Assessment & Penetration Report
Our penetration test report contains two parts:
- An executive summary intended for senior management which highlights the findings and action items from the penetration test
- Detailed findings and action items that describe the vulnerabilities discovered, their impact and how to fix each one
Common Usage of the Service
- Many organizations are required to conduct independent application level penetration tests by various government regulatory agencies and vendor management requirements.
- One of the key requirements of PCI is to perform application level penetration testing.
Contact Mitch Levine at Levinemh@auditserve.com or call (203) 972-3567 to (203) 972-3367 to start the penetration test of your organization.
Cost of Service
| | 1 Application | 2 – 3 Applications | 4 - 7 Applications | 8 - 12 Applications |
|---|---|---|---|---|
| One Time Scan & report w/o rerun option | $2250 | $3450 | $4850 | Call for Price |
| One Time Scan & report with rerun | $3250 | $4750 | $6250 | |
| Quarterly Scan & report | $6500 | $8750 | $9850 | |
| Quarterly Scan & report with rerun | $8500 | $10,250 | $12,500 | |
The rerun option allows for a subsequent scan to be run after the organization completes the remediation of issues identified during the initial scan. If the rerun option is selected, the initial deliverable will be a report of issues. After the rerun is performed, the final report will be issued.