Technological vulnerabilities :
Technology vulnerability testing aims to identify potential vulnerabilities in your external HTTP/HTTPS assets.
Description of the process :
There are 4 stages in the process :
- Identification of the different technologies used on the assets measured.
- Matching the versions of the technologies detected with the CVE-SEARCH CVE database.
- Passive identification of potential vulnerabilities.
- Creation of a list of all observables reported, by severity level, and of verification points.
Tests carried out :
- Unlike a vulnerability scan (an intrusive approach), Security Rating® collects clusters of clues to deduce the likely components used. Using this information, the solution deduces the existence of potential vulnerabilities within the scope being assessed.
- Technically, the aim of these tests is to identify known vulnerabilities by matching the types and versions of services retrieved by the analysis against the vulnerability databases consolidated by the SOC Board of Cyber.
- These tests are carried out on URLs belonging to your organisation. They check whether the components present on a URL present vulnerabilities.
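The four stages above, sketched as an added example (not Security Rating® code): it reads only banner headers that were already collected, matches the deduced versions against an advisory table, and returns findings sorted by severity. The hosts, product names, advisory IDs, version ranges and the "verify" label for undisclosed versions are constructed assumptions.

```python
import re

# Constructed sample data: products, versions and advisory IDs are placeholders,
# not entries from CVE-SEARCH or any real vulnerability database.
OBSERVED = {
    "https://www.example.org/": {"Server": "examplehttpd/2.4.1",
                                 "X-Powered-By": "ExampleLang/7.2.0"},
    "https://shop.example.org/": {"Server": "examplehttpd/2.6.0"},
    "https://api.example.org/": {"Server": "examplehttpd"},  # version hidden
}
ADVISORIES = [  # (id, product, first affected version, first fixed version, severity)
    ("ADV-PLACEHOLDER-1", "examplehttpd", "2.4.0", "2.5.3", "high"),
    ("ADV-PLACEHOLDER-2", "examplelang", "7.0.0", "7.2.5", "critical"),
    ("ADV-PLACEHOLDER-3", "examplehttpd", "2.0.0", "2.4.1", "medium"),
]
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
BANNER = re.compile(r"^([A-Za-z][\w-]*)(?:/(\d+(?:\.\d+)*))?")

def parse_version(text):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def fingerprint(headers):
    """Stage 1: deduce (product, version) pairs from banner headers only."""
    found = []
    for name in ("Server", "X-Powered-By"):
        match = BANNER.match(headers.get(name, ""))
        if match:
            found.append((match.group(1).lower(), match.group(2)))
    return found

def assess(observed, advisories):
    """Stages 2-4: match versions, flag potential issues, sort by severity."""
    findings = []
    for url, headers in observed.items():
        for product, version in fingerprint(headers):
            if version is None:
                # No version to match: record a point to verify, not a finding.
                findings.append((url, product, None, "verify", "version not disclosed"))
                continue
            seen = parse_version(version)
            for adv_id, adv_product, first, fixed, severity in advisories:
                if adv_product == product and parse_version(first) <= seen < parse_version(fixed):
                    findings.append((url, product, version, severity, adv_id))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER.get(f[3], 9), f[0], f[4]))

if __name__ == "__main__":
    for finding in assess(OBSERVED, ADVISORIES):
        print(finding)
```

Because the match rests on a disclosed banner, each result is a potential vulnerability to confirm on the asset; a backported fix or an edited banner changes the real exposure.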
Update performance :
This category measures the speed with which vulnerabilities identified in the category of the same name are fixed.
Process description :
- Accounting for the time assets are exposed to the potential technological vulnerabilities.
- Creation of a list of all assets whose target remediation time has passed.