Security Services

Vulnerability Assessment

Vulnerability Assessments are performed for a variety of reasons. Often organizations choose a Vulnerability Assessment because they know their security posture needs improvement, but they are not sure where to start and need some specialized advice.

We will first identify the most severe issues and recommend mitigation solutions. Later phases will target less severe issues to lower impact and minimize the overall risks.

Additionally, Vulnerability Assessments can be a requirement for some standards like PCI DSS that ask merchants to regularly perform tests according to the systems in place.

Minimization or decrease of risks depend on many factors, such as other interchangeable vulnerabilities, location of devices, access controls in place, etc. As an added value, wizlynx group will use our experience and expertise to analyze and consult your organization on current vulnerabilities, and recommend solutions to decrease your risks.

The following list represents techniques that can be performed during the assessment, depending on your environment and needs:

  • Unknown and known asset identification
  • Credentialed or network based vulnerability discovery
  • Sensitive content auditing
  • Selective re-scan by host, net, sub-net, etc.
  • Authentication weaknesses
  • Botnet/Malicious Process/Anti-virus Auditing
  • Compliance Auditing (FFIEC, FISMA, CyberScope, GLBA, HIPAA/ HITECH, NERC, PCI, SCAP, SOX)

Broad Asset Coverage

  • Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
  • Virtualization: VMware ESX, ESXi, vSphere, vCenter, Microsoft, Hyper-V, Citrix Xen Server
  • Operating systems: Windows, OS X, Linux, Solaris, FreeBSD, Cisco iOS, IBM iSeries
  • Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB
  • Web applications: Web servers, web services, OWASP vulnerabilities
  • Cloud: Scans the configuration of cloud applications like Salesforce and cloud instances like AWS and Rackspace

What we deliver

Our final vulnerability assessment report will include the following sections:

Summary
  • Executive summary
  • Discovered vulnerabilities summary
  • Recommendations for remediation
  • Recommendation on identifying the most critical vulnerabilities
Detail
  • Discovered vulnerabilities
  • Recommendations for remediation of each vulnerability found

Our Certifications

wizlynx's security consultants and penetration testers hold the most recognised certifications in cyber security and penetration testing industry such as: SANS/GIAC GPEN, GWAPT, GCIH, GMOB, OSCP, CEH, CISSP, CISA and more!

Information Security | GIAC Expert Researcher and Advanced Penetration Tester | GXPN
Penetration Test | GIAC Web App Pen Tester | GWAPT
Penetration Test | Offensive Security Certified Professional | OSCP
Penetration Test | GIAC Mobile Device Security Analyst | GMOB
Penetration Test | GIAC Secure Software Programmer .NET | GSSP-.NET
Penetration Test | certified ethical hacker | CEH
Penetration Test | GIAC Certified Penetration Tester | GPEN
Penetration Test | GIAC Certified Web Application Defender | GWEB
Information Security | GIAC Certified Incident Handler | GCIH
Information Security | GIAC Critical Control Certification | GCCC
Information Security | Certified Information Systems Security Professional | CISSP
Information Security | Certified Information Security Auditor | CISA
Information Security | Certified Information Security Manager | CISM
Information Security | Certified in Risk and Information Systems Control | CRISC
Information Security | Certified in the Governance of Enterprise IT | CGEIT
Contact An Expert
Top