info@fortrex.com 877-FORTREX

Services & Technology

Vulnerability Assessment & PenTest

Validate the Effectiveness of Your IT Controls

A Technical Risk Assessment can be limited to solely a vulnerability assessment. However, many times it will also include potential exploitation (i.e. a penetration test). Other optional services are available as either an addition to the vulnerability assessment or as a standalone service.

Technical Risk Assessment Services

  • Vulnerability Assessment | The vulnerability assessment consists of network host discovery, information gathering, scanning hosts at the network-layer and application-layer with industry leading commercial tools in search of thousands of vulnerabilities, and expert-level analysis by Fortrex Security Engineers. The vulnerability assessment can also include various types of optional testing such as authenticated scanning, user privilege escalation, and password cracking. Review policies, procedures, standards and guidelines to verify they meet best practices and/or applicable compliance requirements.

  • Web Application Vulnerability Assessment | In addition to the standard vulnerability assessment, the Technical Risk Assessment can include more in-depth vulnerability testing at the application-layer for web-based applications. For this phase, Fortrex Security Engineers will gain familiarity with the web application through a series of standard user tests in an effort to learn basic information like the operating system, web server type if applicable, linked applications (databases, media servers), security mechanisms (SSL, input filtering) and language base. Once the reconnaissance phase is completed, industry leading commercial web application vulnerability tools are used to identify common coding flaws and web-based vulnerabilities, (e.g. Injection Flaws, Cross Site Scripting, Malicious File Execution, Insecure Direct Object Reference, Insecure Cryptographic Storage, Cross Site Request Forgery).

  • Penetration Testing | In addition to the standard vulnerability assessment, penetration testing of identified vulnerabilities may be included in the Technical Risk Assessment. Exploitation leaves little doubt as to what a hacker can or cannot do. The exploitation phase eliminates the guesswork involved in protecting your network by providing you with the information you need to effectively prioritize your vulnerabilities. Fortrex multi-staged attack emulation will mirror the multi-vectored, privilege escalation and pivoting methods employed by today’s sophisticated hackers and malware authors, allowing organizations to identify the complex paths that attackers traverse across multiple layers of IT infrastructure to expose valuable backend data and systems.

  • Below is a list of additional services that can be included with a vulnerability assessment or as a standalone service:

    • Wireless Assessment
    • Social Engineering
    • Network Security Architecture Assessment
    • VoIP Assessment
    • Database Assessment

Speak with an Assessment Advisor Today!


What our clients are saying about Fortrex Technologies

Scroll to Top