Application Level - Vulnerability Assessment & Penetration Testing

Test Objective 

Conduct a test of the application code for security vulnerabilities which meets OWASP standards and PCI requirements
 

Audit Serve’s Application Level Vulnerability Assessment & Penetration Testing Methodology 
 
Step 1: Vulnerability Identification, Analysis and Risk Validation
  • Use Qualys WAS tool licensed by Audit Serve to identify known security vulnerabilities and poor system configuration
  • Perform analysis of vulnerabilities and determine whether they are false positives based on validation of system configuration
  • Conduct interviews with client to discuss use of technology where vulnerabilities discovered to determine residual risk
Step 2: Active Exploitation
 
  • Use exploitation components of the Qualys WAS tool licensed by Audit Serve
  • Run password cracking tools to disclose accounts
Step 3: Remedial Advisory
  • Provide guidance on remedial action to reduce risk of vulnerabilities identified to acceptable levels
Audit Serve’s Internet Vulnerability Assessment & Penetration Report
Our penetration test report contains two parts:
  • An executive summary intended for senior management which highlights the findings and action items from the penetration test
  • Detailed findings and action items that describe the vulnerabilities discovered, its impact and how to fix each one
Common Usage of the Service
  • Many organizations are required to conduct independent application level penetration tests by various government regulatory agencies and vendor management requirements.
  • One of the key requirements of PCI is to perform application level penetration testing.
Contact Mitch Levine at Levinemh@auditserve.com or call (203) 972-3567 to (203) 972-3367 to start the penetration test of your organization.

Cost of Service

 

 
1
Application
2 – 3 Applications
4 - 7
Applications
8 - 12 Applications
One Time Scan & report w/o rerun option
$2250
$3450
$4850
Call for Price
One Time Scan & report with rerun
$3250
$4750
$6250
Call for Price
Quarterly Scan & report
$6500
$8750
$9850
Call for Price
Quarterly Scan & report with rerun
$8500
$10,250
$12,500
Call for Price

 

The rerun option allows for a subsequent scan to be run after the organization completes the remediation of issues identified during the initial scan.  If the rerun option is selected, the initial deliverable will be a report of issues.  After the rerun is performed, the final report will be issued. 
 
 
 

 

 

AuditNet - The Global Resource for Auditors
General Data Protection Regulation Seminar

Free
Audit Vision
Newsletter

Since 1991
Join 3,500 other subscribers

Copyright © 2015. All Rights Reserved.