Our Vulnerability Assessment Methodology
1. Vulnerability Scanning
This phase includes running a vulnerability scanner, with any dangerous plugins excluded, to find weaknesses in the scoped systems. This exercise is scheduled in an automated fashion unless limited timescales have been explicitly agreed with a customer.
2. Vulnerability Analysis
The prioritised list of targets is scanned for vulnerabilities. This assessment involves checking the target assets for both published and undocumented vulnerabilities. We sift through the scan results for false positives. The manual assessment ensures focus on verified vulnerabilities only.
3. Reporting
The assessment-execution phase is followed by analysis and reporting. AltiaCyber analyses the testing output and evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address both business and technical audiences, with supporting raw data and mitigation measures at strategic and tactical levels.
4. Debrief & Support
AltiaCyber takes customer communication as seriously as reporting or assessment execution. We engage with customers during all stages and ensure that customer contacts are kept up to date in language they understand. Post engagement, a free debrief is conducted to help customers understand the weaknesses and prepare a mitigation plan. Phone and email support is available after project completion.