Cybersecurity
- navisec.io
- owasp zap
- many tools: https://owasp.org/www-community/Vulnerability_Scanning_Tools
- too technical: https://portswigger.net/research/how-to-build-custom-scanners-for-web-security-research-automation
- php tool: https://owasp.org/ASST/
- a guide [pdf] https://owasp.org/www-project-vulnerability-management-guide/OWASP-Vuln-Mgm-Guide-Jul23-2020.pdf
- dependency check? https://owasp.org/www-project-dependency-check/
Vulnerability Assessment
NaviSec’s Vulnerability Assessment services provide several benefits to an organization’s security posture. NaviSec believes the single biggest thing a company can do to assess it’s IT Security risk is to perform a vulnerability assessment. A vulnerability assessment is a snapshot in time of the vulnerabilities that exist in a client’s environment. Many high profile hacks, such as the Equifax breach, was the result of unpatched software and could have been prevented if the vulnerability was identified and patched before a remote attacker was able to exploit it.
A vulnerability scan is conducted that identifies the unpatched or misconfigured network services that exist in an organization. NaviSec analyzes the results of the security scan and provides an executive report that easily identifies the biggest risks to the organization’s IT infrastructure.
Our executive report exists to fix the underlying problem, not simply treat the symptom. Vulnerability Assessments are part of our comprehensive Vulnerability Management service that consists of 4 Vulnerability Assessments (quarterly) and an annual Penetration Test.
Download our sample Vulnerability Assessment and see for yourself how we make our reports easily digestible for any roles in your organization. We also include a technical report that details all vulnerabilities discovered, hosts affected and resources to remediate identified issues. View our sample report here.
What sets our Vulnerability Assessment services apart?
After seeing how other vendors conduct their vulnerability assessment, NaviSec wanted to take a different approach. We noticed other vendors were running vulnerability scanning software and simply putting their logo on the report that was generated fully by the scanner software. NaviSec understands our clients are more than capable of learning how to run scans themselves.
Our value comes in interpreting the results, applying the result’s to the client’s risk in its industry and to its business operations, putting the results into a much easier digested report, assisting our clients with remediation and finally treating the underlying IT Security problems instead of only identifying single vulnerabilities and offering resources to fix each vulnerability. This is evident in our sample Vulnerability Assessment included on our website.
