site map
  "The important thing is not to stop questioning"
Did you know:
"Nearly 90% of all emails scanned
during August 2006 were spam".


Vulnerability Assessment

Our vulnerability scanning service assesses the security of your networks and applications from the point of view of an external hacker on the internet.

This testing is recommended for companies who have recently deployed new servers and/or services or have never had a security test and are curious to know how secure their business looks remotely.

Red-Team are able to provide regular scans to constantly monitor your external interfaces.  This could be monthly, annually or on a ad-hoc basis.

Our consultants remotely test the target network in accordance with the OSSTMM.  The vulnerability scanning process includes, but is not limited to the following:

    Network Footprinting

DNS Retrieval

Discovery and Probing

Enumeration


Web Application Testing

This type of vulnerability forms over 50% of the total we find when testing web servers. Applications are much more likely to be vulnerable to security breaches, such applications are usually the stepping stone to a full system compromise.

 Whilst application vulnerabilities are very difficult to mitigate through regular firewall & infrastructure security, simply updating web services or re-coding will usually solve the problem.

Many organisations are now discovering, security flaws within their custom applications, they realise that these represent an escalating security issue and a real threat to the development of their business.

The web application testing process includes, but is not limited to the following:

Cross Site Scripting (XSS)

SQL injection

Buffer Overflow Attacks

Distributed Denial of Service (DDoS)


Penetration Testing

In addition to identifying potential vulnerabilities, we will also seek to verify, and exploit the vulnerabilities, and provide an accurate assessment of the extent to which an intruder could gain access to systems behind the perimeter.

Any security issues that Red-Team find will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

In addition to the technological aspect of the test, there is a strong element of commercial intelligence, which underpins the comprehensive risk assessment.

Many people confuse a Penetration test with a Vulnerability assessment, they are not the same.   A Penetration test may involve 'active exploitation' that would have been discovered during an initial Vulnerability Scan.  This process includes, but is not limited to the following:

    Password Attacks
    Remote File Inclusion

    Local Root Exploits
Terms of Use  |  Privacy Statement
© 2006 Red-Team. All rights reserved