A WinMill Software Vulnerability Audit is an independent, objective assessment of your organization's public-facing network. WinMill brings to the project our extensive experience across all phases of secure software development, infrastructure design, and IT auditing. The deliverable of a Network Vulnerability Assessment is an assessment of the following:
- Intrusion Detection Methodologies. We evaluate the intrusion detection system that you have in place (if any) and determine its effectiveness. If there are specific types of security breaches that are not being identified by your system, we can show you how to fix the deficiencies.
- Public Facing Fingerprint. WinMill will probe your network in order to determine your internal IP architecture and services. This will tell us how much information about your network an unauthorized user can access. We use publicly available resources to perform this evaluation.
- Firewall Policy. You tell us what protocols and services are supposed to be permitted through your firewall, and we will compare these to the results of our testing. If there are gaps, we can show you how to close them.
- Application Servers. WinMill will probe your servers for known operating system and application vulnerabilities. This assessment will tell you if patches need to be applied or your configurations need to be modified.
- Penetration Mitigation. We will perform a second set of vulnerability tests from inside your network. This procedure allows us to determine how vulnerable you are to an employee security breach, or to an external hacker who penetrates your firewall.
- Denial of Service Attacks. With written permission from your management, WinMill will attempt to exploit vulnerabilities in your website, applications, and/or network architecture in order to cause system failure or network node failure. This will create a Denial of Service. Confirming your resilience against an attempted DoS attack provides the ultimate assurance that your network is secure.
- Web Application Vulnerability Review. Time permitting, WinMill will perform a vulnerability assessment of your custom web applications. We will provide an analysis based on security risks and potential vulnerabilities. This will enable you to evaluate the level of secure design being applied to your custom application code.
During the course of our assessment, we will highlight potential issues, make recommendations to improve security and identify areas that should be investigated further. The deliverable of this engagement is a high-level document covering the points noted above as well as the methodology used to test the vulnerability of the network. The document will be delivered during a closing meeting where your management and WinMill will discuss the findings and next steps.
A WinMill CISSP-certified security engineer oversees a Network Vulnerability Assessment. This project may include significant client participation. Please plan to make key staff members available as needed.