WeSecureApp has conducted over 4000 such network vulnerability assessments to help understand and implement an organisation’s network defence efficiently. We achieve this by adhering to the standards described by PTES and NIST network penetration methodology.
At WeSecureApp, we conduct external and internal network penetration testing. We run the network vulnerability assessment without the authorization details to resemble a black box test, and with the authorization details to resemble a grey box test.
How does it work?
Methodology
Network vulnerability assessment involves performing a penetration test on infrastructure to check the defences and security posture of an organisation from a remote attacker’s perspective. Internal network assessment involves performing a penetration test on an asset within an intranet or VLAN of an organisation from a malicious insider perspective.
We outline the discussed assets, specific services, and IP addresses on which the network penetration test needs to be performed.
Assessment scope
We then try to discover all possible assets in the given IP range, such as web applications, active services, and live hosts, using OSINT (Open Source Intelligence) tools such as Nmap NSE, Snov.io, Shodan, Spyse, OpenVAS, and Burp Suite.
Reconnaissance
We formulate manual and semi-automated test cases and check for vulnerabilities in each test case defined.
Threat Modeling
We attempt to exploit vulnerable services in a network using a blend of tools such as Metasploit, exploit pack, manually developed scripts, exploit-db scripts, Nessus, etc.
Vulnerability Analysis
At the conclusion of the test, we summarise and prioritise the risks and impact of all the vulnerabilities and produce a detailed report with remediation.
Reporting
The common vulnerabilities we tackled in the past
The most frequently identified vulnerabilities are not very different from the OWASP Top 10 lists.
Poor Code Obfuscation
Excessive Information Leakage
Insecure Communication
Insecure Data Storage
Remote Code Execution
SQL Injection
Source Code Leakage
Broken Authentication
Broken Session Management
Broken Access Control
Did you know?
45-50% of the network access we achieved was through outdated versions and default credentials.
30% of the network access we attained was due to misconfigurations in services being used.
20-25% of the network access resulted from unauthenticated access.
Want a quick network security assessment?
Detect & prevent attacks, before they succeed.
Stay ahead of the rapidly evolving threat landscape and keep your data protected without having to spend a fortune.