Attackers are constantly probing networks, systems, and Web application in search of exploitable vulnerabilities and organizations failing to test and secure their Internet facing information assets often fall victim.  These probes and attacks are not limited to the size or sophistication of an organization rather its security posture.  Ultimately, a successful compromise could cost thousands and possibly millions of dollars in losses to reputation, customer confidence, market share, productivity, legal recourse, and more. 

Our team of expert Ethical Hackers can help organizations identify security issues before they are exploited by attackers.  We accomplish this by conducting an assortment of vulnerability tests & scans against target systems which are designed to simulate real-world probes and attacks, accurately discover issues, and provide proven solutions for countering attacks; we also offer ongoing testing as well.   At the conclusion of our testing, a findings report is provided which includes a detailed description of each issue, an associated severity rating, an exploitability risk rating, and one or more practical recommendations for addressing the issues throughout the System Design Life Cycle (SDLC).

Core Testing Performed

RVASI conducts the following core tests as part of our External Vulnerability Scanning services:

		Intelligence Gathering
		A variety of proven tools and techniques are used to electronically "Dumpster Dive" and collect all types of information (intended & unintended) about the target organizations employees, systems, customer base, product offerings, financials, business relationships, and more that is available/accessible in the public cyber domain.
		Port Scanning
		Testing includes an assortment of port scans conducted against targets that are designed to positively identify all open TCP & UDP ports, determine compliance with stated policies, and find potential attack vectors.
		Services Probing
		Thorough probes for available services and subsequent listening applications are conducted against targets to find potential attack vectors and to determine which vulnerabilities may be present to exploit.
		Fingerprinting
		Various fingering printing tools & techniques are used to enumerate information about target systems, remotely map target networks, and to determine which vulnerabilities may be present to exploit.
		Vulnerability Scanning
		A combination of commercial & open source tools, manual techniques, knowledgeable & experienced consultants, and the information collected during other testing phases are utilized to conduct comprehensive External (perimeter) vulnerability scans against target networks, systems, and Web applications for thousands of potential security issues.
		Research and Verification
		In order to eliminate false positives, detailed research, analysis, and verification testing is performed.  This research and testing primary focuses on corroborating results via the search of online databases, mailing lists, newsgroups, exploit publication sites, and other relevant sources and by utilizing manual techniques to verify each finding.
		Compliance Testing
		During testing, all vulnerabilities discovered are analyzed/evaluated from a compliance and industry standards perspective and violations are reported.

Optional Testing

RVASI offers the following optional tests for organizations desiring a more comprehensive look at their external/perimeter security posture:

		Wireless Security Assessments
		Our Wireless LAN (WLAN) vulnerability assessments thoroughly examine and test an organization’s (1) compliance with stated security polices, (2) WLAN system security architecture, design, and configuration, (3) WLAN compliance with regulatory requirements, and (4), for the existence of exploitable vulnerabilities.
		War Dialing & PBX Assessments
		Our Wireless LAN (WLAN) vulnerability assessments thoroughly examine and test an organization’s (1) compliance with stated security polices, (2) WLAN system security architecture, design, and configuration, (3) WLAN compliance with regulatory requirements, and (4), for the existence of exploitable vulnerabilities.
		Social Engineering Assessments
		We test the susceptibility of an organization's employees to Social Engineering attacks primarily geared towards gaining unauthorized access to the organization’s networks, systems, Web-based applications, and/or confidential information assets such as customer data.
		Denial of Service (DoS) Assessments
		We test an organization’s external defensive measures and capabilities to withstand various types of DoS attacks launched against their Internet facing networks, systems, and Web applications.  Furthermore, we will thoroughly examine whether it is possible to gain unauthorized access to these systems and use them to target other organizations with similar attacks.

Process Overview
The first step in our process is to complete our Assessment Contact Form.  Once complete, a member of the RVASI team will contact the specified point of contact(s) within your organization and begin the process overviewed below:

•   Signed Mutual Non-Disclosure Agreement (MNDA)

RVASI requires organizations to sign a MNDA before proceeding with any assessment related activities including detailed discussions, interviews, or similar.  The primary purpose of this agreement is to govern the handling of confidential information shared between our organizations.

•   Scope Interview & Questionnaire

Unquestionably, this is one of the most critical phases in the entire process. Our team will meet with individuals at your organization via a conference call or other means and conduct one or more interviews in order to gain a thorough understanding of your desired testing goals/needs, security & compliance requirements, business risks, and other related factors.  We will then work on defining the scope. 

•   Statement of Work (SOW)

We will synthesize the information provided by your organization during the "Scope Interview" process into a customized and detailed SOW for the testing engagement; the completed SOW will be securely delivered to your organization for review, modification, and acceptance. 

•   Pre-Assessment Activities

A review of testing objectives, scope, and requirements will be done prior to the start of testing to ensure that everyone is on the same page.  Typically, this is accomplished via a conference call initiated by RVASI and includes organizational points-of-contact, IT security personnel, business stakeholders, and the team at RVASI performing the testing.

•   External Vulnerability Scanning

During this phase, our team will conduct agreed upon testing and provide designated points-of-contact with status updates at agreed upon intervals i.e. daily, bi-weekly, etc. in a pre-selected secure format.  Contacts receive an automatic notification of all security or compliance issues discovered that pose an immediate threat to the organization's networks, systems, Web applications, or other information assets.  

•   Report/Wrap-up

At the conclusion of testing, RVASI delivers a detailed report of our findings that includes proven/practical recommendations for remediating, mitigating, and thoroughly understanding the risk of issues discovered.  We also meet and discuss each of our reported findings with key individuals within your organization and provide ongoing support & resources throughout the resolution process.

Return on Investment (ROI)

RVASI’s External Vulnerability Scanning Services help organizations identify, understand, and address security or compliance issues that affect their External information assets before attackers exploit them.  Our in-depth and detail oriented testing also provides organizations with an accurate snapshot of their security posture along with an excellent baseline to measure change and ongoing security efforts.

Cost

Our External Vulnerability Scanning Services are extremely affordable and priced within the security budget of most small to large organizations.   RVASI charges a flat-fee for this service and the cost is based on the scope of the engagement.  

Getting Started

To get this process started, please take a few minutes and complete our Assessment Contact Form and a member of the RVASI team will contact you soon.  We look forward to hearing from you!