What is Secure Code Review?

A vulnerability assessment uses a vulnerability scanner to analyze your server and network environment for vulnerabilities. The assessment uses a combination of automated tools and manual verification to confirm the validity of vulnerabilities detected.

Vulnerability assessment can be conducted from within your network or from the public internet to determine your vulnerability exposure.

Network

To detect vulnerabilities in the operating system and commonly used software in servers and network devices.

Web Application

To detect vulnerabilities at the web application layer, usually for custom-developed web apps.

Workstations

To detect vulnerabilities in the operating system of end user computers.

Secure Code Review Process

Scan

Run scanning tools to analyze target and detect potential vulnerabilities.

Verify

Perform manual verification to confirm validity of detected vulnerabilities.

Report

Automatically generate report from vulnerability scanner.

Retest

Verify if previously detected vulnerabilities have been fixed adequately.

How can we help?

Frequently Asked Questions

Internal vulnerability assessment determines the exposure to a malicious insider attack and is conducted from within the customer internal network and from a segment where the targets are accessible.

External vulnerability assessment determines the exposure to a malicious outsider attack and is conducted from the public internet without modification of customer’s perimeter defence.

Network vulnerability assessment is focused on the services running on the network and is primarily concerned with vulnerabilities at the operating system layer and common software (e.g. NIST CPE) of the target hosts and devices.

 

Web application vulnerability assessment is focused on the functionalities of the application and is primarily concerned with application layer vulnerabilities, especially the OWASP Top Ten Web Application Security Risks.

 

We use both commercial and open source tools including Tenable Nessus Pro, Burp Suite Pro, Kali Linux, etc.