We like to describe this as the surgical application of a Vulnerability Assessment. This service not only evaluates vulnerabilities that can be externally exploited but also proceeds to the next level of actually exploiting those vulnerabilities and demonstrating how an intruder would compromise corporate system(s).
This service is designed to be utilized by companies that have implemented a variety of security measures and need to determine and verify their true level of security. Commonly, the Assessment supports certification, business insurance or regulatory requirements. You can wait until a hacker tests your systems, or you can have it performed by a trusted security partner.
Policy and product implementation can look extremely good on paper and during a sales pitch, but this service actually looks at the implemented security and shows how useful it really is. With the reports generated by this service, the company can then know exactly what vulnerabilities it may have and where they need to be remedied.
This Assessment is actual detection and penetration of discovered vulnerabilities. In addition, it will test the IT staff of the company to see if they can recognize an attack and if they respond as expected. As such, it can be a useful tool to verify existing security implementations and provide a quantifiable level of assurance instead of acceptance of blind faith.
Reporting includes, but is not limited to:
- Outside perspective and analysis of information shared out to the public
- Exploration and mapping of connections and access to targets
- Investigation and assessment of services offered
- Exploitation of services
- Rapid escalation of access granted by services until maximum access is reached or, in many cases, so many vulnerabilities are discovered as to change the nature of the assessment from a Penetration test to a full-blown security assessment
- Immediate reporting of grave vulnerabilities found that provide ingress into the company's resources and assets
The corporate assessment requirements and target environment need to be analyzed prior to the generation of a cost estimate. The costs vary widely due to the variable number of targeted enterprise hosts, host placement in the IT architecture, and diversity of targeted host OS platforms. Further, the client must apply strict test secrecy measures in order to prevent contamination of the test results.