Application Vulnerability Assessment
Cyber Intelligence
DESCRIPTION:
The vulnerability assessment service is designed to identify, quantify, and evaluate the risk level of weaknesses in applications before they are discovered by a potential attacker, using tools and manual techniques based on industry best practices. This service provides "CLIENTE" with information on the risk level of each identified vulnerability, along with recommendations to mitigate them. This enables better decision-making when prioritizing or executing a Vulnerability Management plan, with the goal of mitigating and reducing the organization’s exposure to an attack. Under this testing approach, Silent4Business consultants perform a comprehensive review of web, client-server, or mobile applications (infrastructure servers, databases, web servers, and middleware components).
DELIVERABLES:
Executive summary (executive presentation):
• Scope of the analysis
• Most vulnerable assets
• Root-cause recommendations
Vulnerability matrix:
• CVE related to the vulnerability (when applicable)
• Risk classification
• Vulnerable asset
• Vulnerable service
• Vulnerability
• Vulnerability description
• Mitigation recommendation
CODE
AVA
BUSINESS LINE
Cibersecurity
CATEGORY
Cyber Intelligence
RESPONSIBLE:
Eduardo Salmerón
METHODOLOGY:
Penetration Testing Methodology for Web & Cloud Apps, APIs, and iOS/Android Mobile Applications
SCOPE:
The service includes security assessment of applications
EXECUTION TIME
Applications:
Without credentials:
• 01 asset – 04 business days
With credentials:
• 01 asset – 08 business days
SPEI system:
• From 01 to 10 assets – 10 business days