With our Vulnerability Assessment, we will provide an expert report combining the resources of our scanning software and a human web security expert. Unlike traditional website scanning software or consultants, we combine proprietary scanning technology with custom testing by a team of leading security professionals. Below is an overview of how our Vulnerability Assessment typically works.

1. The Customer provides a list of URLs representing websites to be tested by the security team. This is defined in the service contract, and future URL changes require contract addendum.

2. The Ministry of IT Security Operations Team begins configuring our Web monitoring software to monitor and test the websites residing at the specified URLs.

If the websites use Internet Explorer proprietary JavaScript or ActiveX controls, custom coding may be required on our part to scan the websites.

3. If user credentials are required to access the websites, and our Security Expert cannot self-signup, a pair of user credentials for those specific websites will need to be supplied. If a website has multiple roles, a pair of users for each role in the website will be required (e.g., user, supervisor, administrator, etc.).

The more users and roles provided, the more testing work is created for our security team. This increase will likely be at least linear, if not exponential. If it takes 24 hours to test a website with one pair of users, adding four pairs of users will increase this to a minimum of 96 hours, plus additional Operations Team time to consolidate duplicate findings.

4. The customer controls everything our security team does – start times, stop times, scheduling, retesting. Initially, the Security Operations Team will assist the customer in setting up time schedules and the authorization of the live testing. Once the times and dates are confirmed and credentials are provided, Security Operations does the rest. Vulnerabilities that are detected are rated on both severity and threat levels. This allows developers to best prioritize the remediation process.

5. After the initial “training and testing” of the website, the Security Operations Team schedules a review to go over the findings and explain how they relate/map to software development practices and what remediation strategies work best for the customer’s situation.

The Ministry of IT Security Team is focused entirely on tackling Web security issues. They are well versed in explaining the security implications of the software defects and how to fix them quickly, completely, and verifiably.