Vulnerability Assessment Service

Efficient generation of the scanning result facilitates the remediation process

Vulnerability Assessment can be categorized into two main categories: system vulnerability assessment and website vulnerability assessment. With this, it can evaluate whether there is any vulnerability that can potentially threaten the security. After finishing the initial scanning procedure, we will hand in the relevant scanning result and vulnerability remediation suggestions to our clients. After this, we will do the re-assessment in order to evaluate and examine whether those vulnerabilities have already been eliminated.

The key to making Key-Wisdom outstanding lies in the ‘easy-to-understand content and optimal speed to generate report’. The process of generating scanning result through our Key-Reporter system can be completed in one day, so that vulnerabilities can start to be fixed at once, which effectively protects hackers from invading.

Testing Items

System Vulnerability Assessment

Our testing items in System Vulnerability Assessment always correspond to the latest launched content in Common Vulnerability Exposure (CVE) and include following items:

A.

Operating System Vulnerability Scan

E.

Weak and guessable username and password detection

B.

Common Application Scan

F.

System insecure and misconfiguration detection

C.

Web Application Scan

G.

Port Scan

D.

Malware and Backdoor Detection

Website Vulnerability Assessment

Web VA can specifically focus on the website of your corporation and its inspection items will correspond to OWASP Top10 2021:

(Once the official website updates, the latest content will be provided for testing).

A1

Broken Access Control

A6

Vulnerable and Outdated Components

A2

Cryptographic Failure

A7

Identification and Authentication Failures

A3

Injection

A8

Software and Data Integrity Failures

A4

Insecure Design

A9

Security Logging and Monitoring Failures

A5

Security Misconfiguration

A10

Server-Side Request Forgery (SSRF)

Service Process

Confirming in advance

  1. Check the system, network and frame
  2. Check asset information and content of report
  3. Confirm the target list

Adjusting Scanning Policy

Performing Vulnerability

  1. Adjust any factor, if needed, during scanning process
  2. Export the scanning result

Automatically generating reports

Through Key-Reporter, reports can be automatically generated

Analyzing the scanning result

  1. Set the acceptance risk
  2. Eliminate misjudgment

Assisting our clients in fixing vulnerabilities

We provide both virtual and physical consultation service.

TOP