Blog Post:
Web estate scanning

Published: 2014-05-04 | Author: BCC Risk Advisory

Application Vulnerability Scanning (AVS)

We use vulnerability scanning tools, both commercial and proprietary, as part of our application security assessment process. We tune our scanning tools to produce high-quality, accurate scans, and then carefully verify by hand and perform risk analysis on all of the automatically generated data.

Our staff have experience performing vulnerability analysis and penetration testing on over 1500 production systems for many global organizations in industries such as finance, government and energy.

Vulnerability scanning tools use databases of signatures to attempt to identify weaknesses. These tools can be leveraged to find instances of technical vulnerabilities such as XSS, SQL injection, error-handling weaknesses, etc. We analyze the output produced by vulnerability scanning tools and evaluate it carefully to identify false positives and duplicate findings. In many cases, the significance and risk of a finding is unclear without further analysis and an understanding of its context. This analysis is coupled with other verification techniques to produce a complete and accurate security assessment.

We can deliver a regular AVS service to you on a frequent and very cost-effective basis to help you detect changes to, or newly introduced vulnerabilities in, your internet landscape. AVS is also useful after a deep code review to verify that all discovered security issues have been remediated.