MCP

Assessor

Assessor Hardware 

Our Assessor scans local & public IPs, resulting in the best vulnerability assessments.

[Network diagram. Labels: Branch offices, Internet, DNS, SMTP, IP, Router, Local office, Servers, Workstation, Printers, WIFI, IP phones]

Vulnerability Scanning & Assessment Methodology Explained  


Step One: Host Alive Status

  • Checking if the target is alive & information gathering.

  • To limit the data consumed and keep scanning optimized, the Assessor determines whether the target IP address must be scanned.

  • It uses different techniques for this, so that it also detects firewalled systems and others that are otherwise hard to detect a pulse from.

  • One technique is to probe for TCP & UDP ports.

  • A scan can also be forced even if the target appears to be offline or not alive.


Step Two: Firewall Detection

  • Determine if the target system is behind a firewall, IDS or IPS system.

  • Some systems appear to be offline when in reality they are just firewalled off & can still be wide open to attack.

  • The Firewall detection module can use different techniques to detect firewalled, filtered or IPS-protected devices.

  • The test will also gather more network information from the infrastructure when doing TCP & UDP port probing.


Step Three: TCP UDP Portscan

  • TCP & UDP port scanning to determine open ports & scanned.

  • In most setups, the Best Scan profile is recommended to save time & network bandwidth.

  • For more in-depth analysis the full scan profiles are recommended.


Step Four: OS & Service Detection

  • Service, OS & service version detection. Operating system detection & optimizing.

  • Once the TCP & UDP scanning has completed, the Assessor will use different techniques to identify the operating system running on the target host.


Step Five: Profile Vulnerability Scanning

  • Based on which one of the nine scanning profiles is selected.

  • The right profile is applied for optimized vulnerability scanning results.

  • Launches scanning modules, exploits or Denial of Service (DoS), depending on which of the 9 profiles is selected.

  1. Best Scan – Popular Ports

  2. CMS Web Scan – Joomla, Wordpress, Drupal, General CMS

  3. Quick Scan – Most Common Ports

  4. Best Scan – 65,535 Ports

  5. Firewall Scan – Stealth Scan

  6. Aggressive Scan – Full Scan, Exploits & DoS Attacks

  7. OWASP Top 10 Scan – OWASP Checks

  8. PCI-DSS Preparation for Web Applications

  9. HIPAA Policy Scan for Compliance


Step Six: Report Generation

Generates reports in different formats and outputs risk analysis and remediation suggestions.

  1. Popular categories to scan for include, but are not limited to:

  2. Recommended ports. Scans 8000 of the most common ports

  3. Performs 55,000+ checks. Web application vulnerability scanner (WAS)

  4. Automatic Service Identification, SQL Injection, XSS Cross Site Scripting, Command Execution

  5. Web Crawler, Google Hack DB, Joomla Security Scan, Google Safe Browsing, 50+ Blacklist Checks

  6. Wordpress Security Scan, Firewall, DNS, FTP, Web, SSL, SSH, SQL, Netbios and much more.

  7. Scans Windows, Mac OS X, Linux, Nix and other operating systems.

  8. Duration can be several hours depending on how many services are found during the scan.

  9. It is designed to be non-harmful and not to flood the services, by simulating human behavior.

Features

Scheduled Auditing

  • Automatic scheduled auditing

  • Automatic alert about new identified security vulnerabilities

  • Shows new vulnerabilities discovered and compares them with old records to show the progress in the security level

Automatic Update

  • Automatic daily database updates

  • Automatic firmware updates with new features and functionality

  • Centralized update point

  • Automatic alerts when database is expired

  • Option to upload updates manually via the interface

Security Audit Features

  • Vulnerability assessment

  • 60,000+ vulnerabilities

  • Unlimited auditing

  • No software installation

  • Advanced audit options

  • Launch real exploits

  • Security audit any OS

  • Automatic web crawl script

  • OS independent interface

  • SANS top 20

  • Malware Detection

Multi User Support

  • Supports multiple users logged in at the same time

  • Individual user accounts with different audit options and IP ranges

  • Individual user security level

  • Admin and regular users

Penetration Testing

  • Launch real exploits for Windows, Unix, Routers, Firewalls and more

  • Launch real denial of service attacks

  • Launch distributed denial of service via distributed setup

Scalable and Upgradeable

  • All units can be upgraded for network growth via a software license

  • Investment protection

Security Audit Configuration

  • Virtual host auditing

  • Audit specific ports

  • Audit specific web directories

  • Email notification when an audit is finished

Finds Cross Site Scripting, SQL Injection and Web Errors

  • Automatic web crawling engine identifies known and unknown files on websites

  • Finds Cross Site Scripting

  • Finds SQL Injection

  • Finds Web Errors

  • Black Hat SEO Scanner

  • Google Hack DB

Support & Maintenance

  • One-year database subscription included

  • Full support included in price

  • Option for instant replacement hardware

  • Web-based user interface (https)

  • Quick setup wizard

  • Configuration backup/restore

  • Email alert and logging via syslog

  • Built-in diagnostic function

Distributed Security Auditing

  • Security audit remote locations from a centralized point

  • Centralized reporting

  • Centralized data storage

  • Centralized control

Security Scanning of:

  • Wordpress, Drupal, Magento, Shopify, Umbraco, Joomla, Webshops

Easy-to-understand Reporting

  • XML, PDF and HTML reports

  • Report branding allowed

  • Option for syslog remote logging
