Vulnerability-Threat Technical Risk Services


A technical vulnerability assessment is the process of identifying and quantifying vulnerabilities or security weaknesses in a system or network environment. The assessment also provides comprehensive information about an organization’s overall security weaknesses, risk rating, and impact. Cyber Defense Labs’ assessment methodology, processes, and recommendations take into account an organization’s business and security requirements and complexities, which translates into recommendations that are both reasonable and actionable.


The assessment consists of a broad review of a pre-defined sample set of systems or applications and their business criticality, vulnerability identification and analysis, validation, risk scoring, and reporting. A vulnerability assessment can be conducted on external and/or internal systems, and credentials may be used to identify additional vulnerabilities while reducing the level of false-positive findings.


Our testing may strictly conform to standard public methodologies or be custom-tailored to meet an organization’s needs. Cyber Defense Labs can provide testing on a large range of device types and applications covering network, server/workstations, mainframe/mid-range systems, virtual machines, SCADA, wireless, VoIP, mobile, web, databases, software, etc.


Below are the different types of vulnerability assessments Cyber Defense Labs conducts:


  • Network Vulnerability Assessment – Identifying, analyzing, and reporting on network-based vulnerabilities of systems.
  • Configuration Assessment – Identifying, analyzing, and reporting on host-based vulnerabilities and insecure configurations covering both networked and non-networked applications and services.
  • Application Assessment – Focused, in-depth vulnerability analysis or source code review of applications covering web apps and services, database, software, and mobile applications.


Technical Expertise at Work

What is Penetration Testing?

A penetration test is a detailed review of an organization’s overall defense effectiveness by simulating a hacker targeting an organization’s network and data assets. Testing is performed manually, includes active exploitation, is multi-vectored, and often reveals many findings missed by a standard vulnerability assessment. In addition, a penetration test has a goal or “trophy” in mind, such as gaining access to confidential client information, intellectual property, administrator access, etc. Penetration testing is best used to test the effectiveness and resiliency of a mature security defense where a vulnerability management process already exists.


A penetration test typically involves performing information reconnaissance about a target organization, network mapping, system fingerprinting and enumeration, identifying vulnerabilities, exploitation, gaining and maintaining privileged access, evidence gathering, cleaning up, and reporting. The penetration test can be conducted externally from the Internet acting as an outsider and/or internally from inside the corporate LAN acting as a malicious insider. Different types of penetration tests can be performed with different goals in mind: a “white box” test, which can leverage data from provided information or a vulnerability assessment, and a “black box” test, which is performed with limited knowledge of the organization’s assets and defenses.

Technical Assessment Services

  • Penetration Testing
  • Vulnerability Assessment
  • Configuration Reviews
  • Application Security Reviews
  • Database Security Reviews
  • Mobile Device Management Configuration Reviews
  • Red Team Exercises Assessment
  • Phishing Exercise / Testing
  • Social Engineering Exercise

Posture Maturity and Risk Advisory


Compliance & Audit Readiness


Proactive Services
