Vulnerability scanning

The goal of the vulnerability scanning is to identify systems that are open to known vulnerabilities. We use several automated vulnerability scanners, both open-source and in-house developed, to assess the security of the target system. The tools use large databases with known vulnerabilities.

The output of the vulnerability scan is a detailed report with the discovered vulnerabilities of the target system.

 

Penetration tests

If you would like a more realistic assessment, the penetration test is what you need. We offer two types of penetration tests: Black-box and White-box penetration tests.

The Black-box penetration test assumes no knowledge of the target system whatsoever. With this test, we will check each target for weaknesses in the behavior and the services offered by the system. This test represents the best simulation of a motivated attacker, trying to penetrate the target and gain elevated privileges or extract sensitive information. The main goal is to assess whether the system is vulnerable to outsider attacks and to explore the impact of the uncovered security flaws.

The White-box penetration test requires knowledge of the target system’s’ specifications, running services, and configuration. During the test, the testing we will need either direct or mediated access to the systems as a way to extract specific information related to the presence of potential vulnerabilities. The goal of the White-box test is to assert that all software packages installed on the systems are up-to-date, and all services are adequately protected. Exploiting the flaws found during a White-box test aims to confirm the presence and the impact of suspected security vulnerabilities.

The output of the penetration test is a comprehensive report with the vulnerabilities found, the methodology and the mitigation techniques. The report is presented and every finding is explained in details.

 

Web application security assessment

Almost everything today seems to revolve around the Web. Individuals use Content Management Systems, blogs, companies use Web-based ERPs e-mail clients, collaboration software. Web applications serve two main purposes: they have centralized management and they take the load off the client computers. But when you put an application on the Internet, security becomes a primary concern.

We can assess how secure your web application is by performing code review and penetration tests. The Web Application Security Assessment service combines all security tests that can be executed against an application to guarantee that it is as secure as possible at the time of the test.

We support C# and VB.NET from the .NET family, Python and PHP.

The output of the Web Application Security Assessment is a complete report on every aspect of the application. The report is presented and thoroughly explained to the client.

 

Incident response

You may take every precaution possible and still get hacked. New vulnerabilities are published every day. A system that is considered perfectly secure today may prove insecure tomorrow. That is why you have to be prepared if an incident occurs.

We can offer you a fast and professional Incident Response service to ensure that if your system gets compromised, the incident will be contained, investigated and eradicated as soon as possible.

For Solid Hosting customers, Incident Response is part of the service. We monitor our servers and take pro-active measures to contain and mitigate any and all incidents with the accounts of our customers. We find the root cause of the compromise and work with our customers to resolve the issue to their satisfaction.

 

Security consulting

We all know that security is already considered a strategic concept. You have to think for security on every level of system deployment. We can assist you on every level in the deployment life-cycle – from the security design of your solution, through the development and the testing to the deployment of the system in production.

 

Pricing

Pricing is specific for each case, so please contact us via our contact form or via email to sales@solid-hosting.net.