Step 1: Security Quick Check - Execution
Short Security Quick check on publicly accessible systems.
In just a few days, you will receive an initial assessment of your security level and the results of the Security Quick Check:
- Overview of publicly accessible systems:
You will receive a list of systems and applications that our experts have discovered about your company on the Internet. It happens very often that systems are publicly accessible that have long been forgotten and are a gateway for attacks.
- First assessment of the security level:
The assessment of the current security level is helpful in order to be able to derive the next necessary steps.
- Identified vulnerabilities:
Security vulnerabilities are often already discovered during the first analysis phase. These can be configuration errors, outdated systems or even customer data that is publicly available on the Internet! We will notify you immediately of any critical security vulnerabilities we find.
Step 2: Security Quick Check - Recommendation
We will explain our results in a short review on your premises or by telephone. In addition, the results are recorded in a report that we provide to you.
We distinguish roughly into three categories:
- No vulnerabilities identified
- No critical vulnerabilities identified
- Critical vulnerabilities identified
Based on your result and the safety level determined, we recommend the next steps.
You are not obliged to carry out any further tests.
Step 3: Consulting
Based on your Security Quick Check result, we recommend the following procedures:
- No security breaches identified:
If we have not identified any security gaps, you can be pleased at first, but not yet weigh in security. The Security Quick Check offers a first short analysis of your systems. Further security strategies are recommended in any case.
- No critical vulnerabilities identified:
If only a few non-critical vulnerabilities have been identified, we recommend our Security Expert Check . During a workshop day, we will work with your team to develop recommendations on how you can increase your security level.
- Critical vulnerabilities will be identified:
If critical vulnerabilities have been identified, they need to be fixed quickly. Our report contains a first recommendation for these vulnerabilities. We will be happy to provide further advice in order to avoid critical vulnerabilities in the future.
Step 4: Vulnerable assessment:
Procedure of the Vulnerability Assessment:
- Identifying systems:
Each time a vulnerability assessment is started, all systems that, in our view, belong to your company are identified.
- Comparison of the data:
The systems identified by us are compared and discussed with you. This step often reveals obsolete systems that do not have to be taken into account when the system is switched off.
- Active vulnerability scan:
Active security tests are carried out by us on the list of matched systems. Automated tests with the help of open source and commercial software are mainly used.
- Verification and evaluation:
In contrast to a pure vulnerability scan, we verify the identified vulnerabilities whenever possible and evaluate them individually for you.
With our report you will receive a management summary including an evaluation of the current security level. In addition, you will receive a description of each identified vulnerability and our mitigation recommendations.
A vulnerability assessment provides you with an assessment of the current security level. We recommend that you conduct security tests at regular intervals in order to maintain the security level.
This will give you noticeably increased protection for your systems.
Step 5: Penetration Test
We recommend penetration testing for systems with critical and sensitive data. These must be specially protected. Automated security tests, which identify known security gaps, are not sufficient here.
With our combination of predominantly manual and customized automated tests, we also identify unknown configurations and programming errors.
Procedure of the penetration test:
Each penetration test is individual. For different scenarios there are procedures that can be recommended by us. From whitebox to blackbox tests, servers and applications, we can provide you with experts in all areas.
The implementation is carried out by our experienced experts. The tests are based on recognized security standards, such as the OWASP Testing Guide or the Penetration Testing Execution Standard.
With our report you will receive a management summary including an evaluation of the security level. In addition, you will receive a description and mitigation recommendations for each identified vulnerability.
We see our reports as input. We try to find solutions together with you in order to convert the experiences from the penetration test into automated tests. These can then already be used during the development or design phase of a product.
Are you interested in our security services or do you have further questions? Please feel free to contact us by E-Mail.
Tip: Book the imbus Expert Day Security and you will receive a risk assessment and recommendations for action in a compact half-day workshop!
NEW: Take part in one of the imbus Security Test Webinar.
The dates and registration for the Security Testing Webinar can be found here.
Do you have any questions about Security Webinar? Please feel free to contact us via E-Mail.