Vulnerability testing and management

Penetration testing is a systematic process of probing for vulnerabilities in your networks
and applications. It is essentially a controlled form of hacking — the ‘attackers’ act on your
behalf to find and test weaknesses that criminals could exploit. Experienced penetration
testers mimic the techniques used by criminals without causing damage. This enables you to
address the security flaws that leave your organisation vulnerable.

We are here to help you test your environment, identify the vulnerabilities before
everybody else does and make sure you stay protected.

Vulnerability assessment enables the discovery, categorisation and fingerprinting of security holes (vulnerabilities) in an organisation’s IT assets, which include network infrastructure, operating systems, hypervisors, servers, standalone server applications, web applications, databases and user endpoints.

All these assets are susceptible to security vulnerabilities, whether these result from design flaws or from poorly configured and maintained systems. Now more than ever, with the growing complexity of IT systems and applications, more vulnerabilities are being introduced, and they are harder to detect and keep track of, which makes them attractive targets for attackers.

This is why it is important to identify, quantify, prioritise and manage vulnerabilities within your IT landscape in a timely manner. When your assets are vulnerable and threats are present, major risks occur!

PCI DSS requirement 11.2 states “Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades)”.

In addition, if any external networks and systems are involved in your PCI landscape, fulfilling PCI DSS requirement 11.2.2 is mandatory: “Perform quarterly external vulnerability scans, via an Approved Scanning Vendor (ASV) approved by the Payment Card Industry Security Standards Council (PCI SSC). Perform rescans as needed, until passing scans are achieved”.

Find out more

You have questions, we have answers!
Feel free to contact us to find out more about the solution and our services.