Methodology

Whether it's a penetration test, vulnerability assessment, code review, security training or security policy management, CSD's main business practices are the same. Thanks to our unique skills, the client is provided with:

  • Realistic attack scenarios which portray actual results and methods of an attacker

  • Additional executive summaries for every technical vulnerability, enabling ease of understanding by other non-technical parties

  • Clearly explained step-by-step definitions of each and every vulnerability with different methods and scenarios of exploitation

  • Clearly and strictly defined short-term, mid-term and long-term roadmaps on remediation of each discovered vulnerability

During the entire course of the business relationship between CSD and the Client, CSD provides a clear roadmap with strict milestones and Key Performance Indicators, according to the nature of each service provided.

CSD acts according to a strict Rules of Engagement guideline, which puts the main concerns of the client at the center. Once we mutually agree on the exact boundaries of the Scope, CSD will try to go beyond the unthinkable, and apply the most comprehensive intrusion scenarios possible for the purpose of an actual hacker attack simulation.

For the purpose of ensuring acknowledgement of each and every threat by our Client, CSD puts a strong emphasis on the reporting procedure.

CSD has a unique approach that integrates the most well-known automated tools with manual penetration tests conducted by two individual teams of real ethical hackers.

Our deliverables

  • An executive summary, which includes a brief summary of possible attack scenarios, vulnerabilities and attack vectors, written in non-technical terminology so that the risk and impact can be understood by ALL relevant parties.

  • A deep technical report which includes technical details about each vulnerability, together with all possible methods of exploitation, background information, relevant references, and required elements of mitigation/response/remedy.

As a result of the Penetration testing & Vulnerability Analysis services provided by CSD, the Client will be provided with a Short-Term Remedies Plan, which will include:

  • All mandatory actions that shall be performed for eliminating Critical and Sensitive Vulnerabilities;

  • Urgent design flaws that must be remediated before launching / publishing any application;

  • Mandatory training that should be provided to the Administrator / Operator / User personnel of a system, in case critical/sensitive vulnerabilities occur due to the misuse of the system.


A report with 0 false positives
