Vulnerability Assessment

Cybersecurity is part of our lives.

Your IT assets are under constant threat!

Protect your business:

Request a vulnerability assessment!

“It takes 20 years to build a reputation, and few minutes of cyber-incident to ruin it.”

– Stéphane Nappo,
Global Chief Information Security Officer

Online threats threaten us all.

Everyone knows someone, or has heard of someone, whose computer has been blocked by a ransomware virus or whose personal data has been obtained by spyware. Many of us have experienced this terrible feeling personally. It often costs millions to recover data and it is not uncommon to have to say goodbye to stolen information forever.

As technology advances, the internet becomes more and more pervasive, and our devices and applications become more sophisticated and complex. With this come more vulnerabilities that malware and hackers are constantly trying to exploit.

Cyber security is already an inescapable part of our lives, and will only become more so in the future.

That’s why a professional vulnerability scan by an ethical hacker is a must-have!

Full vulnerability testing

IT Secure’s team provides a complex vulnerability assessment for your business in a way which is unique in Hungary.

During the vulnerability scan we use special software to detect possible hacking points.

We prepare a detailed report on the results of the vulnerability assessment.

If you are satisfied with our work, we will offer you an immediate solution to the problems identified.

That is why a professional vulnerability scan – during which an ethical hacker reveals the weak points of your system – is an unmissable offer!

Our certificates

“If you spend more time on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

– Richard Clarke,
White House Cybersecurity Advisor, 1992-2003

Firewalls are no longer enough.

Not only our IT systems but also the threats to them are becoming more and more sophisticated.

Increasing cyber threats are forcing organizations to constantly look for new ways to improve the security of their mobile and web interfaces and applications.

Successful intrusions by cybercriminals are becoming more frequent and hacking attacks more complex, so if your system is not properly protected, you must be prepared for the possibility of serious losses to your business at any moment.

Internet connections are usually protected by firewalls rather than intrusion detection systems, which makes it easy for hackers to cripple computers and networks.

Our ethical hacking solutions

To prevent such unwanted events, we offer two types of ethical hacking solutions to detect risks in your systems:

complex vulnerability testing

penetration testing

Start improving your protection system by requesting a full vulnerability assessment!

What is an ethical hack?

An ethical hack is a vulnerability scan that is legal and benign because the client authorizes it, so that a cybersecurity professional can detect vulnerabilities in the client's IT networks and systems.

Unlike malicious intruders, an ethical hacker does not cause harm, but reveals the gaps in protection and highlights possible solutions.

How does an ethical hacking attack work?

IT Secure’s experienced ethical hacking experts attempt to gain access to target systems over the network by hacking or bypassing security measures.

An ethical hacking attack detects which security measures:

  • are lacking
  • are ineffective
  • are vulnerable to attack
  • use vulnerable technology
  • are administered without proper working methods or security concepts
  • rely on technology that cannot enforce compliance

Protect your company with our vulnerability scanning service!

Our Services

Complex vulnerability assessment

Vulnerability testing is a series of ethical hacking tests run on a product that is either ready or under development. We provide our clients with detailed information on the results of the tests.

The vulnerability scan covers the following:

  • configuration flaws
  • development flaws
  • vendor vulnerabilities
  • identification of known vulnerabilities

A technical vulnerability scan is not part of the preliminary service, but can be requested after reviewing the results of the preliminary vulnerability scan.

Penetration test

During penetration testing, the ethical hacker tests the practical exploitability of identified vulnerabilities. To run such a test, of course we need authorisation from the client.

Penetration testing simulates a hacking attack while focussing on a specific interface or application. The aim of the test is to get as deeply as possible into the system to gain the highest possible level of privileges and access to sensitive data.

A penetration test therefore looks at the risk that a particular point of attack poses to our client’s systems.

Comparison of vulnerability testing and penetration testing

Vulnerability assessment

  • Goal: Identify the vulnerabilities
  • Completion time: Shorter
  • Depth: Overview
  • Price: Custom pricing

Penetration test

  • Goal: Identify the vulnerabilities and exploit them
  • Completion time: Longer
  • Depth: Detail-oriented
  • Price: Custom pricing

Methods of vulnerability testing

External vulnerability test

External vulnerability testing simulates an attack launched from outside the organization. We focus on the detection of websites and web applications accessible through the Internet.

Internal vulnerability test

Internal vulnerability testing involves establishing a connection within the organization to test the vulnerability of IT services and systems available on the internal network.

If necessary, both the vulnerability scan and the penetration test will include an external and an internal ethical hacker test.

White box test

The white box test is performed with full knowledge of the IT infrastructure, so the cybersecurity professionals have access to the network diagrams, source code and detailed parameters of the systems before performing the ethical hacker test.

Black box test

The black box test is performed without prior knowledge of the IT infrastructure.

Gray box test

In the gray box test, detection starts from partial knowledge of the IT infrastructure.

The ethical hacking investigation covers the following areas

Vulnerability testing of servers and workstations (operating system, databases, target hardware)

Application detection (web applications, websites, CRM systems)

Infrastructure testing (network devices, internet connection, wi-fi network, VPNs)

Vulnerability testing phases

Our ethical hacking experts carry out both the vulnerability testing and the penetration testing processes in several phases. These are:

01 Planning and preparation

Our cybersecurity specialists will clarify the scope of the ethical hacking test with our client, then explain the working methodology and set a deadline for conducting the vulnerability test and preparing a report which summarizes the results.

02 Implementation

Our ethical hacking experts use automated tests and manual scanning to identify vulnerabilities in the system and then categorize the threats identified.

03 Passive tests

Our experts run non-offensive, open-source tests to identify known vulnerabilities and categorize these threats.

04 Active tests

Ethical hacking attack: a detailed attack scan to detect and record any emerging vulnerabilities.

05 Analysis

At the end of the vulnerability scan, we assess the system’s weaknesses and prepare the next cycle, summarizing this information and our further recommendations for the client.

Website and web application vulnerability assessment

An ethical hacking test of a website and web application can always be performed by simulating an external attack.

A website vulnerability scan highlights weaknesses that could be exploited by attackers using manual or automated techniques to take control of servers.

Tools

We use the following tools and software to conduct vulnerability testing:

Request our vulnerability testing service to protect your website or web application!

Mobile application vulnerability scan

During mobile application vulnerability testing, we perform an ethical hacker test of a specific, unique mobile application (iOS and/or Android).

The purpose of the audit is to reveal and learn about all the vulnerabilities of the application, from binary translation problems to improper storage of sensitive data.

Mobile application vulnerability testing phases:

Phase 1: Preparing for the vulnerability scan

Planning: Plan the process of running the vulnerability scan.

Establish the initial state: After planning, we record the baseline state prior to the vulnerability scan, which is restored by our cyber security experts at the end of the process.

Information gathering: We gather all information from our clients regarding project design and objectives.

Review of rules of engagement: We hold a brief meeting with the client to confirm the scope of the project and the schedule for vulnerability testing, to define specific testing objectives and to answer any questions about the project.

Phase 2: Implementation of the vulnerability assessment

Reconnaissance: The first step in the implementation of the vulnerability assessment is reconnaissance, during which all relevant open-source intelligence is obtained.

Threat modelling: The next step in the ethical hacking test is threat modelling, where we assess the different types of threats that can affect the targets under investigation.

Mobile vulnerability testing: The final step in the testing phase is to conduct a mobile vulnerability assessment: all affected targets and applications are mapped at network and application level.

Phase 3: Follow-up

Preparation of vulnerability assessment report: Once the active part of the assessment is completed, the results will be formally documented.

Quality assurance: Each step of the evaluation goes through a rigorous technical and editorial quality assurance process. It may be part of the consultation process with the partners.

Presentation: At the end of the vulnerability assessment, we present our report to the client. We show the information gained and manage the need for remediation.

Tools

We use our own tools and software to conduct the vulnerability assessment: Nmap, Nessus Professional, Acunetix, OWASP, Java, Burp Suite

Our references and partners

Standards and Guidelines for desktop and mobile application security testing

Open Web Application Security Project (OWASP) Testing Guide
OWASP Mobile Security Testing Guide (MSTG)
OWASP Mobile Application Security Checklist
OWASP Top 10 2017 – The Ten Most Critical Web Application Security Risks
Technical Guide to Information Security Testing an