This test has CyResLab security researchers combine a multitude of automated testing tools with a manual follow-up testing of the client website with focus on key functionality and taking into account the client’s security needs.
The automated tools include both well-known open-source tools (e.g. Nmap, OpenVAS, Nikto) and proprietary CyResLab tools developed specifically for such tests.
The service consists of an identification phase, where different network and web services are identified and probed, and a testing phase, where a range of manual tests are performed for known vulnerabilities and standard attack vectors, such as XSS, CSRF, injection attacks, etc.
The client receives a report, listing the issues that have been discovered, along with a short assessment, including impact, attacker profile and total score, and suggested mitigation techniques (on an advisory level). CyResLab can offer further help in defining and applying corrective security measures, tailored towards the client’s requirements.
- Scans by open-source tools
- Automated proprietary tools
- 25 hours of manual testing by CyResLab researchers
Ideal for: Clients that are interested in an all-round test of standard Web Attack vectors that would reveal the security posture of the website.