Vulnerability Assessment

Securing your Business against the Threat of the Internet

Ensuring your web
sites, services and
applications respond
effectively & efficiently
and service users at
all times

Includes

Security Testing

Vulnerability Assessment

Vulnerability ReCheck

In todays world, the sheer volume and wide variety of threats to Businesses and their IT systems are
increasing at an exponential rate. Businesses that trade electronically, which accounts for nearly all
businesses in some form, are vulnerable to risks such as fraud, data theft & breaches of confidentiality,
causing loss of informational assets, intellectual property and damage to the business reputation.

Example Tools

Nessus Pro

Openvas

Saint Pro

Retina

Nexpose Enterprise

Our Certifications

Certified Ethical Hacker

EC-Council Certified
Security Analyst (ECSA)

Licensed Penetration Tester

Hacking Forensic Investigator

Cisco Certified Internetwork

Expert (CCIE)
Certified Cisco Systems
Instructor (CCSI)

The Vulnerability Assessment

Our testing works on the premise that hackers have more knowledge of network vulnerabilities than the
organisations that run the networks, and they always stay one step ahead of network professionals. We
deploy a team of network security experts to perform the tests using the same techniques that hackers
would use to breach network security in an ethical manner.
The Vulnerability Assessment involves ocating the vulnerabilities & weaknesses in the network and
associated services and then reporting back to the client.

The Results
When all tests and scans are complete, our consultants prepare a full report for the business. The report
provides a way to evaluate the network system from an attackers perspective in order to perform
necessary steps to remediate any issues effectively.

Footprinting & Network Mapping

The process of footprinting is a nonintrusive activity performed in order as much information that is
available about the target organisation, systems and services. This involves general research and querying
publicly available repositories (whois databases, domain registrars, Usenet groups, mailing lists, etc.).

CCNP

CCIP

CCNP Security

CCSP

CCNP Wireless

CCDA

Information Gathering

CCDP

Expected results of this phase are, domain names, server names, IP address information, network topology,
ISP details, general Internet presence & company profile

Certified Information
Systems Security Professional
(CISSP)

The Security Testing team will then review and map out detail of the organisations topology and network
profile. Examples of this would be IP addressing, public domain information, port scanning, ping sweeps.
This information is then compiled and fully analysed for the next phase of the process.

Scanning and Enumeration

This phase will comprise of identifying live systems, open and filtered ports, any services running on these
ports, mapping router and firewall rules, identifying any operating system information, network path
discovery, and so on. This phase is particularly involved and there is a substantial amount of active probing
of the target systems.
After successfully identifying the open ports, services behind them will be fingerprinted, either manually or
by using readily available tools.
Expected results would be port information, IP addressing of internal and external systems & networks,
mapping of the network & types of operating system

Includes

Service & System Identification

Vulnerability Assessment

Vulnerability ReCheck

Here we review and identify the types of service deployed and application versions. Additionally
identification of the types of operating systems, patch levels and enumeration of those systems

Example Tools

Vulnerability Testing

Nessus Pro

Openvas

After identifying target systems & services and gathering information from the above phases, our Security
Testing team will then attempt to find any possible vulnerabilities existing in the systems under the test

Saint Pro

Retina

Nexpose Enterprise

Our Certifications

Certified Ethical Hacker

EC-Council Certified
Security Analyst (ECSA)

Licensed Penetration Tester

Hacking Forensic Investigator

During this phase our Consultants will use automated and manual tools to scan the target systems for
known vulnerabilities. These tools are a comprised toolset of both purchased industry standard tools, as
well as tools freely available in the public domain. Our Consultants will also test the systems by supplying
invalid inputs, random strings and other information in order to check for any errors or unintended
behaviours in the system output. This is in the attempt to discover any unidentified vulnerabilities.
Expected results include the type of application and services listed by vulnerability, patch levels, denial of
service issues, areas secured by obscurity

Cisco Certified Internetwork

Expert (CCIE)
Certified Cisco Systems
Instructor (CCSI)

CCNP

CCIP

CCNP Security

CCSP

CCNP Wireless

CCDA

CCDP

Certified Information
Systems Security Professional
(CISSP)

Tel: 0844 8248624 Email: info@primosec.com Web: primosec.com