MCP
Assessor
Assessor Hardware
Our Assessor scans local & public IP's resulting in the best vulnerability assessments.
Branch
offices
Internet
DNS
SMTP
IP
Router
Local office
Servers
Workstation
Printers
WIFI
IP phones
Vulnerability Scanning & Assessment Methodology Explained
1
Step One: Host Alive Status
-
Checking if the target is alive & information gathering.
-
To consume data, use the most optimized scanning the Assessor will determine if the target IP address must be scanned.
-
It uses different techniques for this to also detect firewalled systems or otherwise hard to detect a pulse from.
-
One technique is to probe for TCP & UDP ports.
-
A scan can also be forced even if the target appears to be offline or not alive.
2
Step Two: Firewall Detection
-
Determine if the target system is behind a firewall, IDS or IPS system.
-
Some systems appear to be offline where in reality they are just firewalled off & can still be wide open to attack.
-
In the Firewall detection module, it can use different techniques to detect firewalling/filtering/IPSed devices.
-
The test will also gather more network information from the infrastructure when doing TCP & UDP port probing.
3
Step Three: TCP UDP Portscan
-
TCP & UDP port scanning to determine open ports & scanned.
-
In most setups using the best scan profile can be recommended to save time & network bandwidth.
-
For more in-depth analysis the full scan profiles are recommended.
4
Step Four: OS & Service Detection
-
Serviced, OS & services version detection. Operating system detection & optimizing.
-
Once the TCP & UDP scanning has completed, the Assessor will use different techniques to identify operating system running on the target host.
5
Step Five: Profile Vulnerability Scanning
-
Based on selection of one of the nine scanning profiles selected.
-
Right profile is applied for optimized Vulnerability Scanning results.
-
Launch scanning modules, exploits or Denial of Service (DoS) depending on which of 9 profile selected.
-
Best Scan – Popular Ports
-
CMS Web Scan – Joomla, Wordpress, Drupal, General CMS
-
Quick Scan – Most Common Ports
-
Best Scan – 65.535 Ports
-
Firewall Scan – Stealth Scan
-
Aggressive Scan - Full Scan, Exploits & DoS Attacks
-
OWASP Top 10 Scan – OWASP Checks
-
PCI-DSS Preparation for Web Applications
-
HIPAA Policy Scan for Compliance
6
Step Six: Report Generation
Reporting Generation in different formats and outputs risk analysis and remediation suggestion.
-
Popular categories to scan for includes and not limited to:
-
Recommended ports. Scans 8000 among the most common ports
-
Performs 55,000+ checks Web application vulnerability scanner WAS
-
Automatic Service Identification, SQL Injection, XSS Cross Site Scripting, Command Execution
-
Web Crawler, Google Hack DB, Joomla Security Scan, Google Safe Browsing, 50+ Blacklist Checks
-
Wordpress Security Scan, Firewall, DNS, FTP, Web, SSL, SSH, SQL, Netbios and much more.
-
Scans Windows, Mac OS X, Linux, Nix and other operating systems.
-
Duration can be several hours depending on how many services are found during the can.
-
It is designed to be non-harmful and not flood the services by silmulating the human behavior.
Features
Scheduled Auditing
-
Automatic scheduled auditing
-
Automatic alert about new identified security vulnerabilities
-
Shows new vulnerabilities discovered and compares them with old records to show the progress in the security level
Automatic Update
-
Automatic daily database updates
-
Automatic firmware updates with new features and functionality
-
Centralized update point
-
Automatic alerts when database is expired
-
Option to upload updates manually via the interface
Security Audit Features
-
Vulnerability assessment
-
60,000 + vulnerabilities
-
Unlimited auditing
-
No software installation
-
Advanced audit options
-
Launch real exploits
-
Security audit any OS
-
Automatic web crawl script
-
OS independent interface
-
SANS top 20
-
Malware Detection
Multi User Support
-
Supports multiple users to login at the same time
-
Individual user accounts with different audit options and IP ranges
-
Individual user security level
-
Admin and regular users
Penetration Testing
-
Launch real exploits for Windows, Unix, Routers, Firewalls and more
-
Launch real denial of service attacks
-
Launch distributed denial of service via distributed setup
Scalable and Upgradeable
-
All units can be upgraded for network growth via a software license
-
Investment protection
Security Audit Configuration
-
Virtual host auditing
-
Audit specific ports
-
Audit specific web directories
-
Email notification when an audit is finished
Fins Cross Site Scripting,
SQL Injection and Web Errors
-
Automatic web crawling engine identifies known and unknown files on websites
-
Finds Cross Site Scripting
-
Finds SQL Injection
-
Finds Web Errors
-
Black Hat SEO Scanner
-
Google Hack DB
Support & Maintenance
-
One-year database subscription included
-
Full supports included in price
-
Option for instant replacement hardware
-
Web-based user interface (https)
-
Quick setup wizard
-
Configuration backup/restore
-
Email alert and logging via syslog
-
Build-in diagnostic function
Distribution Security Auditing
-
Security audit remote locations from a centralized point
-
Centralized reporting
-
Centralized data storage
-
Centralized control
Security Scanning of:
-
Wordpress, Drupal, Magento, Shopify, Umraco, Joomla, Webshops
Easy-to-understand Reporting
-
XML PDF and HTML reports
-
Reports branding allowed
-
Option for syslog remote logging