VULNERABILITY ASSESSMENT

WHAT IS A VULNERABILITY ASSESSMENT?

Vulnerability Assessment is the security auditing process of identifying, quantifying, validating, and classifying vulnerabilities in a system as well as prioritizing them for remediation. There are a few key features that are unique to Vulnerability Assessment that separate it from all other types of testing:
  • Identification and Analysis; Not Exploitation: Vulnerability Assessments work toward the goal of identifying and analyzing the security flaws in targeted systems, applications, and networks. Hence, it is focused on discovery and evaluation, rather than on trying to actively break into a system.
  • Broad in Scope: A Vulnerability Assessment encompasses a much wider range of potential issues. A security professional assesses assets and resources to test detection of, and response to, common attacks like DoS (Denial of Service), MITM (Man in the Middle), SQL Injection, and Network Intrusion.
  • Utilizes Known Vulnerabilities and Compares: Checking against a list of known and potential vulnerabilities is a big part of any Vulnerability Assessment. These checks confirm whether your network is exposed to the most common known attacks.
  • Automated and Manual Testing: Checking your networks with automated tools first and then performing manual testing ensures that nothing is overlooked during the assessment phase. While automated testing quickly covers the most common vulnerabilities, manual testing rounds off the process with a closer look at the target environment.

BENEFITS

Benefits of a Vulnerability Assessment performed by RedLegg include:

INSIGHT:

Gain insight into many of the risks faced within your enterprise by identifying shortcomings in your existing security program.

EFFICACY:

Prioritize the biggest threats to the organization and strategically plan the necessary roadmap to safeguard your organization.

PROACTIVITY:

Reduce the impact and likelihood of a successful breach and data exfiltration through testing and securing of your organization.

COMPLIANCE:

Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.

VULNERABILITY ASSESSMENT METHODOLOGY

The RedLegg methodology for conducting Vulnerability Assessments is based on a proven track record of providing high-quality results and detailed corrective actions that can help lower the overall risk of the tested environment. Each engagement, however, is a specialized event unique to each client.

RedLegg has developed a robust assessment methodology that maximizes technical results while minimizing the impact to the testing environment. Although this methodology has been customized, it is based on proven industry best practices from the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP), and the Penetration Testing Execution Standard (PTES).

PHASE 1:
RECONNAISSANCE

During this phase, RedLegg will generate threat intelligence, research open-source intelligence (OSINT) available about the organization, and enumerate the network to discover ports, services, and potential attack vectors for use during testing. Techniques that may be used during the engagement (not all are required on every engagement) include:

  • WHOIS searches
  • Nmap scanning
  • Nessus scanning
  • Burp Suite scanning
  • Arachni scanning
  • Nikto scanning
  • Zone transfers
  • DNS brute forcing
  • SNMP enumeration
  • Email harvesting
  • Metadata harvesting
  • Banner grabbing
  • SIP enumeration
  • IKE enumeration

PHASE 2:
VALIDATION

RedLegg will validate the reconnaissance findings to determine whether a vulnerability exists and is actionable.  Any vulnerability that can be validated as 100% false (false positive) will be removed from the test during this phase.

PHASE 3:
DELIVERABLE CREATION

RedLegg produces three deliverables detailing the results of the assessment including the Penetration Testing Report, a spreadsheet containing the discovered vulnerabilities, and a package containing the raw data from the penetration test.

PHASE 4:
DEBRIEFING

Once the deliverables have been received, RedLegg will schedule a debriefing meeting to discuss the results of the assessment.  During this phase, RedLegg will work with the Client to determine any necessary changes to the report.

PHASE 5:
RETESTING (OPTIONAL)

Within 90 days of the findings meeting, RedLegg can perform two types of retesting.  The first type tests the remediation of any discovered and reported vulnerabilities that the Client says are now remediated.  Any tested items found to be remediated will be updated with that information in the report.  The second type is a full retest of the network scope to determine if any fixes have created new vulnerabilities.
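The validation, prioritization and retesting steps above, shown as an added Python example. This is not RedLegg's tooling; the hosts, finding titles and severities are constructed sample data, and the matching key (host, port, check title) is an assumption about how findings would be identified across scans.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Severity scale used in the report, most urgent first.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Informational"]
SEVERITY_RANK = {label: rank for rank, label in enumerate(SEVERITY_ORDER)}


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    title: str                              # scanner check name; part of the finding's identity
    scanner_severity: str                   # rating the automated tool reported
    analyst_severity: Optional[str] = None  # rating assigned after manual validation, if it differs
    false_positive: bool = False            # set when validation shows the finding is 100% false

    @property
    def key(self) -> Tuple[str, int, str]:
        """Identity used to match a finding across the original scan and a retest (assumed)."""
        return (self.host, self.port, self.title)

    @property
    def severity(self) -> str:
        """Reported rating: the analyst's call overrides the scanner's."""
        return self.analyst_severity or self.scanner_severity


def validate(findings: List[Finding]) -> List[Finding]:
    """Phase 2: drop findings validated as false positives."""
    return [f for f in findings if not f.false_positive]


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Order findings by the report's severity scale (unknown labels sort last)."""
    return sorted(
        findings,
        key=lambda f: (SEVERITY_RANK.get(f.severity, len(SEVERITY_ORDER)), f.host, f.port),
    )


def reconcile_retest(original: List[Finding], retest: List[Finding]):
    """Phase 5: compare validated findings against a retest of the same scope.

    Returns (remediated, still_open, new_findings):
      remediated   -- reported in the original assessment, absent on retest
      still_open   -- reported originally and still present
      new_findings -- first seen on retest, e.g. introduced by a fix
    """
    original_by_key = {f.key: f for f in original}
    retest_by_key = {f.key: f for f in retest}
    remediated = [f for k, f in original_by_key.items() if k not in retest_by_key]
    still_open = [f for k, f in retest_by_key.items() if k in original_by_key]
    new_findings = [f for k, f in retest_by_key.items() if k not in original_by_key]
    return prioritize(remediated), prioritize(still_open), prioritize(new_findings)


# Constructed sample data: scanner output from the original assessment,
# annotated during manual validation. Hosts and titles are made up.
ORIGINAL_SCAN = [
    Finding("10.0.0.5", 445, "SMB signing not required", "Medium"),
    # Scanner rates this Critical; the console requires authentication, so the
    # analyst downgrades it to Medium under the compensating-control definition.
    Finding("10.0.0.5", 8080, "Code execution in admin console", "Critical",
            analyst_severity="Medium"),
    # Version banner matched a vulnerable release, but the host is patched.
    Finding("10.0.0.7", 80, "Outdated web server version banner", "High",
            false_positive=True),
    Finding("10.0.0.9", 22, "Weak SSH ciphers enabled", "Low"),
]

# Constructed retest results after the client reported fixes.
RETEST_SCAN = [
    Finding("10.0.0.5", 445, "SMB signing not required", "Medium"),
    Finding("10.0.0.7", 80, "Outdated web server version banner", "High",
            false_positive=True),
    # The replacement admin portal shipped with a self-signed certificate.
    Finding("10.0.0.5", 8443, "Self-signed TLS certificate on admin portal", "Low"),
]


def run_engagement():
    """Apply validation, prioritization and retest reconciliation to the sample data."""
    report = prioritize(validate(ORIGINAL_SCAN))
    remediated, still_open, new_findings = reconcile_retest(report, validate(RETEST_SCAN))
    return {"report": report, "remediated": remediated,
            "still_open": still_open, "new": new_findings}


if __name__ == "__main__":
    for section, items in run_engagement().items():
        print(section)
        for f in items:
            print(f"  [{f.severity}] {f.host}:{f.port} {f.title}")
```

Both scans go through `validate` before reconciliation so a false positive that reappears on retest is not mistaken for a new finding, and the report is ordered by the analyst's rating rather than the scanner's, which is where a tool-reported Critical can legitimately land in the Medium section.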

SEVERITY RATINGS DESCRIPTION

RedLegg’s analysis process evaluates risk, ease of use, availability, and likelihood of exploiting a given finding to determine the severity rating. This determination may result in ratings that are different from the ones found within CVSS or automated tools. RedLegg uses the following severity ratings:

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
  • INFORMATIONAL

CRITICAL

Exploitation of a Critical vulnerability could allow code execution without user interaction.  These scenarios include self-propagating malware (e.g. network worms), or unavoidable common-use scenarios where code execution occurs without warnings or prompts.  This could mean browsing to a web page or opening email.

Critical issues should be addressed immediately.

HIGH

Exploitation of a High vulnerability could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.  These scenarios include common-use scenarios wherein the Client is compromised with warnings or prompts regardless of the prompt's provenance, quality, or usability.  Sequences of user actions that do not generate prompts or warnings are also covered.

Issues rated as High should be addressed at the earliest opportunity.

MEDIUM

The impact of a Medium vulnerability is mitigated to a significant degree by compensating controls such as authentication requirements or applicability only to non-default configurations.

Consider applying these security updates in accordance with corporate patching and/or maintenance.

LOW

Low vulnerabilities are comprehensively mitigated by the characteristics of the affected component.  Evaluate whether to apply the security update or mitigating control to the affected systems.

INFORMATIONAL

Anything that does not fit into the categories above, but that the customer should still be made aware of, is rated as Informational.  There are not always solutions or recommendations for Informational findings, as there may be no resolution.  If there is a risk of negative impact, the finding is not rated as Informational.

OUR APPROACH

RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.

RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.

RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the marketplace, attack vectors, and protection mechanisms.

GO DEEPER.

Reach out to our expert staff to dive into your security gaps and to protect your company from breaches.