Security Services

Vulnerability Assessment

Vulnerability Assessments are performed for a variety of reasons. Often organizations choose a Vulnerability Assessment because they know their security posture needs improvement, but they are not sure where to start and need some specialized advice.

We will first identify the most severe issues and recommend mitigation solutions. Later phases will target less severe issues to lower impact and minimize the overall risks.

Additionally, Vulnerability Assessments can be a requirement for some standards like PCI DSS that ask merchants to regularly perform tests according to the systems in place.

Minimization or decrease of risks depend on many factors, such as other interchangeable vulnerabilities, location of devices, access controls in place, etc. As an added value, wizlynx group will use our experience and expertise to analyze and consult your organization on current vulnerabilities, and recommend solutions to decrease your risks.

The following list represents techniques that can be performed during the assessment, depending on your environment and needs:

  • Unknown and known asset identification
  • Credentialed or network based vulnerability discovery
  • Sensitive content auditing
  • Selective re-scan by host, net, sub-net, etc.
  • Authentication weaknesses
  • Botnet/Malicious Process/Anti-virus Auditing
  • Compliance Auditing (FFIEC, FISMA, CyberScope, GLBA, HIPAA/ HITECH, NERC, PCI, SCAP, SOX)

Broad Asset Coverage

  • Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
  • Virtualization: VMware ESX, ESXi, vSphere, vCenter, Microsoft, Hyper-V, Citrix Xen Server
  • Operating systems: Windows, OS X, Linux, Solaris, FreeBSD, Cisco iOS, IBM iSeries
  • Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB
  • Web applications: Web servers, web services, OWASP vulnerabilities
  • Cloud: Scans the configuration of cloud applications like Salesforce and cloud instances like AWS and Rackspace

What we deliver

Our final vulnerability assessment report will include the following sections:

  • Executive summary
  • Discovered vulnerabilities summary
  • Recommendations for remediation
  • Recommendation on identifying the most critical vulnerabilities
  • Discovered vulnerabilities
  • Recommendations for remediation of each vulnerability found

Our Certifications

wizlynx's security consultants and penetration testers hold the most recognised certifications in cyber security and penetration testing industry such as: SANS/GIAC GPEN, GWAPT, GCIH, GMOB, OSCP, CEH, CISSP, CISA and more!

Penetration Test | Offensive Security Certified Professional | OSCP
Penetration Test | GIAC Certified Penetration Tester | GPEN
Information Security | GIAC Expert Researcher and Advanced Penetration Tester | GXPN
Penetration Test | CREST Certified Penetration Tester | CREST
Penetration Test | GIAC Web App Pen Tester | GWAPT
Penetration Test | GIAC Mobile Device Security Analyst | GMOB
Penetration Test | Offensive Security Certified Expert | OSCE