Cybersecurity
Identifying and reacting to threats
 
      VA - Vulnerability Assessment
One of the main activities in the area of preventive CyberSecurity that we provide is Vulnerability Assessment, an activity aimed at identifying possible vulnerabilities within protocols, encryption algorithms, certificates, software, third-party software, etc.
Carrying out a Vulnerability Assessment correctly therefore means protecting your data and your privacy.
It is carried out by means of a special scanner that, by sending multiple specially created payloads to the target, evaluates the responses from the services and applications and compares them with a vast internal database of known vulnerabilities to highlight those found.
The added value we offer is aimed at checking and verifying the output, excluding any false positives present, minutely verifying the actual presence of the vulnerabilities found and recommending mitigation/remediation scenarios to be applied.
The results of the Vulnerability Assessment are compiled in a customised report, which contains both a descriptive executive summary for management and a specific technical summary including descriptions, screenshots, demonstrations, CVSS Score, mitigation/remediation suggestions and links to external resources for developers to support them in error correction.
 
      SAST - Static Analysis
One of the main activities we provide in the area of "Secure Development"/CyberSecurity Services is Static Application Security Testing (SAST), an AppSec methodology that tests applications from the inside out by examining their source code without running them.
SAST interacts with the source code at an early stage of the sSDLC (secure Software Development Life Cycle), so that developers can find any security problems before the application is completed.
SAST provides real-time security feedback during coding, making it a more proactive way to quickly fix flaws and resolve issues at the lowest cost.
The activity consists of analysing the source code of an application using ad-hoc tools, checking for false positives and finally assessing the individual vulnerabilities found.
The end result is a report containing all the information needed to identify the changes required to make the code secure.
 
      PT – Penetration Test
Penetration Testing is another key activity in CyberSecurity.
To make a Penetration Test effective, it is not enough simply to identify the weaknesses of the targets; it is crucial to contextualise these weaknesses to understand the real risk to the organisation.
It is very important to conduct comprehensive Penetration Tests, highlighting all the problems encountered, the impact of each one and the associated risk, and, where possible, identifying the root cause of the problem and providing process and policy recommendations.
Our Penetration Tests enable the organisation to take immediate and effective action to reduce the chances of an intrusion, and provide a security baseline to track the evolution of IT security within the organisation.
The results of the Penetration Test are compiled into a customised report that includes both a descriptive executive summary for management, and a specific technical summary including descriptions, screenshots, demonstrations, CVSS Score, mitigation/remediation suggestions and links to external resources for developers to support them in correcting errors.
 
      DAST - Dynamic Analysis
Another activity we provide in the area of "Secure Development"/CyberSecurity Services is Dynamic Application Security Testing (DAST), an AppSec approach that allows us to take a detailed look at how the application behaves when it is running, to uncover flaws or vulnerabilities before we continue with the next stages of the software lifecycle.
The results of the dynamic scan help prioritise the correction of exploitable vulnerabilities and immediately reduce risk as they are resolved. However, it can be difficult to pinpoint exactly which code to act upon using DAST alone, and therefore, in most cases it is combined with a SAST activity.
The activity consists of analysing the source code of an application using ad hoc tools, checking for false positives and finally assessing the individual vulnerabilities found.
The end result is contained in a report with all the information needed to make the necessary changes to correct the identified vulnerabilities.
 
      Telephone: +39 0574.514180
 
      SIA, an Indra Group company, is the Indra Group's specialized cybersecurity company. It offers technologically advanced solutions and innovative services, taking the concept of cybersecurity one step further.
 
      Indra is one of the leading global technology and consulting companies: the technology partner for key operations of client businesses worldwide.