Application Level - Vulnerability Assessment & Penetration Testing

Test Objective 

Conduct a test of the application code for security vulnerabilities that meets OWASP standards and PCI requirements.
 

Audit Serve’s Application Level Vulnerability Assessment & Penetration Testing Methodology 
 
Step 1: Vulnerability Identification, Analysis and Risk Validation
  • Use the Qualys WAS tool licensed by Audit Serve to identify known security vulnerabilities and poor system configuration
  • Perform analysis of vulnerabilities and determine whether they are false positives based on validation of system configuration
  • Conduct interviews with the client to discuss the use of technology where vulnerabilities were discovered, to determine residual risk
Step 2: Active Exploitation
  • Use exploitation components of the Qualys WAS tool licensed by Audit Serve
  • Run password cracking tools to disclose accounts
Step 3: Remedial Advisory
  • Provide guidance on remedial action to reduce risk of vulnerabilities identified to acceptable levels
Audit Serve’s Internet Vulnerability Assessment & Penetration Report
Our penetration test report contains two parts:
  • An executive summary intended for senior management which highlights the findings and action items from the penetration test
  • Detailed findings and action items that describe the vulnerabilities discovered, their impact and how to fix each one
Common Usage of the Service
  • Many organizations are required to conduct independent application level penetration tests by various government regulatory agencies and vendor management requirements.
  • One of the key requirements of PCI is to perform application level penetration testing.
Contact Mitch Levine at Levinemh@auditserve.com or call (203) 972-3567 to (203) 972-3367 to start the penetration test of your organization.

Cost of Service

 

 
| Service | 1 Application | 2 - 3 Applications | 4 - 7 Applications | 8 - 12 Applications |
|---|---|---|---|---|
| One Time Scan & report w/o rerun option | $2250 | $3450 | $4850 | Call for Price |
| One Time Scan & report with rerun | $3250 | $4750 | $6250 | Call for Price |
| Quarterly Scan & report | $6500 | $8750 | $9850 | Call for Price |
| Quarterly Scan & report with rerun | $8500 | $10,250 | $12,500 | Call for Price |

 

The rerun option allows for a subsequent scan to be run after the organization completes the remediation of issues identified during the initial scan.  If the rerun option is selected, the initial deliverable will be a report of issues.  After the rerun is performed, the final report will be issued. 
 
 
 

 

 


Copyright © 2015. All Rights Reserved.