Cyber Risk Assessments

Vulnerability assessments are part of an organisation’s core cyber hygiene regiment. Regular assessments help actively identify vulnerabilities that impose risks to the organisation. When performing a vulnerability assessment, we use industry leading scanning tools to identify and rate vulnerabilities by risk exposure. We also provide high-level guidance, which can be supplemented with our remediation service, that allows clients to remediate vulnerabilities discovered.

Often executed in tandem with penetration testing, we aim to identify and quantify internal and external weaknesses in a system. Using best-in-class scanning tools and questionnaires to identify and grade vulnerabilities, we prioritise remediation, and create baselines for future comparisons.

CyberClan bases its methodology on the Common Vulnerability Scoring System (CVSS) open framework for collecting and analysing data. Using the CVSS as a standard, the Risk Management team assigns severity scores to vulnerabilities, allowing responders to prioritise responses and resources according to the threat.

Compromise assessments seek to find attackers currently in the environment, or who have been active in the recent past. CyberClan’s experienced risk management team aims to find evidence of potential threats by identifying indicators of compromise (IOCs) and providing hard data as evidence.

In a nutshell, the primary risks facing businesses are defacement of websites, where unauthorised changes are made to a corporate website; denial of services, where your organisation’s website is unavailable to clients and/or data exfiltration attempts undetected by adversaries.

We help you in identifying security gaps in your web application by following a hybrid approach that combines both automated and manual penetration efforts with custom test case scenarios that are uniquely tailored to meet your business needs.

We deliver web application security testing in accordance with popular and widely accepted industry standards and methodologies, The Open Web Application Security Project (OWASP), OWASP Top 10, PCI DSS, HIPAA, NIST) and several others with a focus on exploiting both legacy and new technologies within your web infrastructure. The security team performs both authenticated testing for a higher test coverage, better insights and improved accuracy, followed by a manual testing and verification process with advanced programming knowledge and expertise to identify the most subtle business logic flaws.

CyberClan’s security team’s goal is to break into a protected WiFi network as well as privilege escalation from a guest network and attacking authorised users.

Additional scope may include WiFi auditing, Wifi phishing, session hijacking, payload injection, rogue Dynamic Host Configuration Protocol (DHCP) services, rogue DNS server, and brute force attacks.

CyberClan’s Red Team engagement will actively test your existing security safeguards, Managed Security Services Provider (MSSP) preparedness and validate, your incident response plan.