Vulnerability Testing

Systems are data that are highly secure one day can be equally vulnerable the next. As new hardware and application are brought online, or new partners join your network, the number of threats you face increases.

A vulnerability assessment is a comprehensive examination of your network’s current state against a desired or mandated state; DigitalDefence identifies any gaps between the two, and then provides the guidance to achieve the desired state. To maximize the effectiveness of security testing in your network, a vulnerability assessment should be completed on your network before penetration testing.

A vulnerability assessment will review some or all of the following elements:

Physical Security

• Employee safety
• Review of perimeter security devices (fences, gates, monitoring systems such as closed-circuit TV, alarm systems)
• Security of access controls
• Alarm response testing
• Environmental review (power systems, fire detection and controls, HVAC, etc)
• Physical control of servers, workstations, and mobile devices

Network Architecture

• Review of the design strategy and supporting documentation, including policies, practices, and standards
• Inventory of network devices
• Design, implementation and testing of network security devices (firewalls, intrusion detection systems/intrusion prevention systems, etc)
• Review network access controls
• Review of device management and event logging
• Review of backup processes and storage security
• Business continuity practices and disaster recovery practices

Wireless and Communications Security

• Secure architecture and configuration of wireless devices, including access points and client-side set-up
• Vulnerability assessment of wireless networks, especially those based on 802.11 standard
• Detection of rogue (unauthorized) wireless access points
• Voice over IP (VoIP) testing
• PBX and voicemail testing
• Modem security, including “wardialing” to identify rogue modems

Mobile Device Security

• Policies and procedures governing the use of mobile devices
• Assessment of mobile device security (client-side and server-side)
• Physical security of mobile devices, including inventory tracking

Remote Access Security

• Security of VPN implementations
• Security of partner connections, and vendor connections into your network

Network Security

• Security of all network devices (routers, switches, and network security devices)
• Security of network servers
• Security of workstations, mobile devices
• Review of system “builds”, including baseline security
• Review of change control processes, including patch management

Web Application Security / eCommerce Security

• Review of Internet for evidence of “information leakage” (blogs, archived employee e-mails, chat rooms, etc)
• Assessment of web application security against OWASP standards

Application Review (COTS, database, and proprietary applications)

• Threat modelling and analysis
• Security architecture review, including analysis of data flow within the application and during external operations
• Analysis of security and operational controls
• Backup, business continuity, and disaster recovery of application and data
• Custom protocol and application fuzzer development
• Reverse engineering
• Source code review (line-by-line analysis)
• Creation or assessment of your software development life cycle, SDLC
• Secure application development training

Social Engineering

• Security awareness training (must be done before attempting social engineering testing)
• Remote testing (via phone, e-mail)
• On-site testing
• Use of “road apples” (physical devices such as USB keys) that attackers or malicious employees could use to by-pass security controls