Network Vulnerability Assessment
During a network Vulnerability Assessment, Feisty Fox Security aims to identify and report on identified vulnerabilities within scoped systems. The identification and exploitation process will occur in an interactive pattern to ensure a wide coverage of the systems.
Within this task under the Rules of Engagement we will:
- Enumerate system information such as operating system versions, application versions, and service configurations;
- Browse the relevant services to identify those with inappropriate configuration allowing anonymous or unregulated access;
- Scan each host and service for publicly disclosed vulnerabilities and configuration weaknesses;
- For key servers, specifically, analyse server configuration to identify issues such as unnecessary modules and services, misconfigured administrative services, default files and sample pages;
- Detection of default configurations;
- Detection of sample or demo code;
- Application controls against malicious user input;
- Vulnerabilities in the middleware layer; and
- Research both internal Feisty Fox Security proprietary as well as public vulnerability repositories for suspected security weaknesses.