iVolution Security Technologies
Deliverables

Once the penetration testing phases are completed, iVOLUTION's REDTEAM Security consultants document the results of the penetration test. The deliverable presents the key findings of the engagement: the vulnerabilities found during the security test, the severity of each vulnerability, the implications if it is exploited, and remediation recommendations. This gives the client an effective way to mitigate the security issues identified.

The report will contain the following sections:

  • Section I - Executive summary of the overall security review results, which can be presented and distributed to key management in a clear and concise fashion. The executive summary describes the significance of the results at a high level.
  • Section II - Detailed explanations of the security implications, risks and recommendations for the vulnerabilities and exposures found during the security assessment. This document is aimed at a technical audience and addresses:
    • The finding or weakness noted for an application.
    • The implication and business impact of the finding or weakness.
    • How exploits were conducted and their impact.
    • The severity level the finding or weakness poses to the organization.
    • A detailed solution to correct or minimize the identified finding or weakness.
    • Identification of Edge-Level Protection* as it relates to exposed services and remediation technologies.

Edge-level protection
Edge, or network, level protection incorporates:

  • A solution that protects multiple back-end target applications if they are vulnerable.
  • A solution that does not require reworking legacy code or reprogramming applications (where possible).

General conclusions and recommendations
Overall conclusions for each penetration test phase performed, detailing the critical aspects of the customer's security infrastructure that should be modified or fixed in order to enhance the security of the components within the defined scope.
Our assessment conclusions are built upon the FIST model. In each deliverable we identify and note:

  • Damage Potential: A value for the potential amount or extent of damage if a vulnerability is exploited.
  • Severity level: The threat the weakness poses to the organization and its severity.
  • Reproducibility: A value for how reliably a successful exploitation of the relevant vulnerability can be repeated.
  • Exploitability: A value for how much work would go into a successful breach.
  • Affected Users: A value for the number of victims that would result from a successful breach.
  • Discoverability: A value for how easy or hard it would be for an attacker to discover an unpatched vulnerability in the attacker's target.
  • Information Disclosure: Unnecessary exposure of data that should not otherwise be exposed.
  • DoS: Denial of Service - the susceptibility of an in-scope network device or application to a DoS condition.
  • Elevation of Privilege: Occurs when an adversary uses illegitimate means to assume a higher level of trust than they would normally have.

We provide each client with all raw test output and identify the corresponding technologies employed during the test. The project concludes with the delivery and professional presentation of a final report to the appropriate client personnel by the iVOLUTION assessment team.

"Through 2008, insiders, working alone or with outsiders, will account for the majority of financial losses from the unauthorized use of computers and networks."
Gartner Group