Our Assessment Services were designed to provide an overall picture of your organization’s application, host and network vulnerabilities. We use publicly-available, commercial and custom assessment tools and techniques developed and discovered over our combined three decades experience to identify problems in your environment.
“When it comes to testing your perimeter or critical applications, automated assessment tools cannot provide you with the information needed to protect your enterprise. Special Ops’ actionable assessment reports deliver immediate remediation strategies and objective metrics to help mitigate ongoing risk.” – Jason Morrow, CISO of Opteum Financial Services
Vulnerability Assessment
New and increasingly stringent legislation, compliance requirements, and increased dependence on automation simply compound the need for repeatable and unbiased audits of your internal security controls. Special Ops vulnerability assessment services provide a comprehensive view of your security posture as well as an actionable remediation report that allows you to prioritize and address critical weaknesses immediately.
- Black Box: an external audit that focuses on identifying weaknesses in perimeter security and vulnerabilities of edge devices; requires minimal interaction or prior knowledge of your environment
- Crystal Box: audit external and internal security, relying on interviews and documentation/process reviews and requiring more interaction with your staff. This option provides a more comprehensive view of your organization’s internal weak spots and point-in-time security posture.
Penetration Testing
Penetration testing takes the security assessment to the next level by systematically exploiting security weaknesses in a controlled, repeatable manner. A comprehensive, well documented penetration test can be the difference between perceived weaknesses and demonstrated weaknesses in security.
- External Start: targets your environment from an untrusted network, taking the same approach as a would-be attacker. We can demonstrate attack vectors that would threaten your specific environment and work with you to eliminate them. However, this option will take more time which you may not want to pay for.
- Internal Start: simulates the threat from inside as we actively test your security controls to ensure the confidentiality, integrity, and availability of critical systems and data. This is more cost-effective, as we “assume breach” and start from inside your perimeter defenses.
Web Application
Our Web Application Assessment service analyzes the critical components of your e-commerce application. Using manual techniques, proprietary and commercial tools, and custom programs created uniquely for each application, we pinpoint specific vulnerabilities and identify underlying problems. Our assessments integrate detailed vulnerability and countermeasure information for authentication, authorization, session management, integrity of data, confidentiality of data, and privacy concerns.
Our continually updated methodology, proprietary tools and research ensures our expertise remains state-of-the-art. Special Ops consultants use a combination of commercial tools, internally developed utilities, and manual methodical techniques to review the various potential points of security failure on the web server and within the application itself. We examine the technical implementation as well as the business purpose of each web application, enabling our reports to provide technical solutions to individual vulnerabilities as well as prioritized remediation strategies based on corporate risk reduction.