Security Scan
 
 
 


Positioning: (partially) automated security testing from the perspective of an attacker with the skill level of a script kiddie

A security scan is a simulated hacker attack and is a good way of testing the general security level throughout the test object (though with much less testing depth than a penetration test). Unlike with a penetration test, the majority of the testing is carried out semi-automatically. With a security scan, the security vulnerabilities found are then verified manually (unlike with a vulnerability scan), which means that false reports can be ruled out.

The results are presented in the form of a manually compiled short final report of around 8-12 A4 pages. All the tool-generated reports and raw data, the dump files (recorded network traffic), and the action log (record of all actions performed by the tester) are supplied on a data storage medium. Optionally, at extra cost, the security scan can be performed in compliance with OSSTMM. In this case the final report contains the Risk Assessment Value (RAV) calculations as an add-on, and a separate document contains the completed OSSTMM forms.

OneConsult GmbH is an ISECOM Licensed Auditor (ILA), Gold Level, and our security consultants are ISECOM certified in various areas of expertise (OPST = OSSTMM Professional Security Tester, OPSA = OSSTMM Professional Security Analyst, OSSTMM-Trainer), guaranteeing that the tests will be thorough and professional and that documentation of the results will be informative and comprehensive.

We offer security scans for individual applications or systems (as a complement to the application security audit) as well as for wired networks (e.g. Internet, DMZ and LAN/WAN) and wireless networks (e.g. WLAN, Bluetooth, GPRS or infrared).


Procedure


Security Scan


Penetration Test

If the project budget allows, we recommend a penetration test for deeper and more informative security testing and reports.


Modular expansions

The following options can be ordered as supplementary modules to the security scan:

  • OSSTMM compliance
  • Extended information gathering
    • Social engineering (exploitation of human weaknesses)
    • Footprinting (web research)
    • Dumpster diving (rummaging through the trash)
  • Audit of firewall ruleset
  • VPN (deep inspection: sniffing, traffic analysis, aggressive mode forcing, PSK brute forcing)
  • Denial-of-service tests
  • Protocol tunneling test (tests sensitivity to 'covert channel'/'inside-out' attacks; approach based on a test trojan: use of OneConsult® Pandora PRO)
  • Ethical hacking (hacking to order)
  • System audit (OS and OS-related services: configuration and password strength)
  • War dialing (dial-up remote access systems)
  • War driving (wireless networks)
  • Software reverse engineering
  • System hardening
  • Discussion of final report
  • Project presentation (incl. discussion of final report)

To optimize the cost/benefit ratio, we recommend combining the strengths of the various test types.

If you're interested in OneConsult and you'd like a no-obligation consultation or more information, please contact us.



  © 2008 OneConsult GmbH
All rights reserved.
     