HMH Consultants & Security Services
London, UK & Houston, TX
Cyber Security Assessments
Network | Application | Data Breach | Scanning | Penetration | Research
The difference between a vulnerability scan and a penetration test
Vulnerability scans are great for a weekly, monthly, or quarterly insight into your network security, while penetration tests are a more thorough assessment of your overall information security posture.
Penetration tests can be conducted both from the internet and from inside your own infrastructure, and at both the network and application level. Different tools look for different types of vulnerabilities to exploit and require very different skillsets in the consultant: at the network level the consultant needs to understand server and software configuration, while at the application layer their skills are focused on code.
Vulnerability Scanning Assessment
A vulnerability scan is the first assessment we recommend.
We focus on conducting a dynamic assessment of the whole system which is used to highlight potential security vulnerabilities and misconfigurations.
The report grades each vulnerability according to the Common Vulnerability Scoring System (CVSS). The vulnerabilities found by this scan are the ones an attacker looks for first, before launching a full attack.
Vulnerability scans
A vulnerability scan is an automated, high-level test that looks for and reports vulnerabilities[1]. Not every reported vulnerability can actually be exploited to carry out an attack, though that may change in the future. Typically, all external IPs and domains are scanned, and the results may or may not be reviewed by a consultant. Some scans offer trend reports that show how the organisation manages vulnerabilities over time. PCI-DSS requires such scans on a quarterly basis.
Vulnerability scans can be conducted at both the network and application level, though different tools look for different types of vulnerabilities.
[1] Vulnerability: the quality or state of being exposed to the possibility of being attacked or harmed, whether physically, technologically or emotionally.
External Penetration Tests
Penetration testing goes beyond vulnerability assessment: the tester examines each finding and manually attempts to exploit it, in order to prove that the vulnerability is genuinely exploitable and that data assets can be reached through the exploit. The goals of penetration testing are:
- To determine whether and how a malicious user can gain unauthorized access to assets that affect the fundamental security of the system, files, logs and/or data.
- To confirm that the organisational controls required by any applicable law, regulation, standard or internal policy are in place.
PCI-DSS requires such a test on an annual basis.
External Infrastructure Assessment
This assessment is aimed at the client's external, internet-facing infrastructure.
It is designed to highlight and grade by severity the vulnerabilities found in the system, and to indicate the footholds an attacker would find and then exploit to gain unauthorised access to your systems.
Internal Infrastructure Assessment
This assessment is primarily aimed at identifying attack routes within the client’s system and local area network (LAN).
This is used to mirror a hacker’s methods and direction in the system once an initial foothold has been established.
Internal Penetration Tests
An internal penetration test is similar to an external penetration (pen) test, except that it focuses on your own infrastructure, with fewer variables and options. External assessments allow a black, white, or grey box methodology. Black box testing requires the tester to have some knowledge of the existing security structure. Internal pen testing is carried out as if by an internal employee, so for the test to be realistic it is impossible for the tester not to have any knowledge of the network architecture beforehand.
An internal pen test is done as if an attacker is already inside the organisation's network, so it tests vulnerabilities, passwords, network configurations, and internal monitoring controls all at once. Such an assessment calls for a cyber security professional to connect to the organisation's internal network and attempt to gain access to sensitive resources over the internal infrastructure. The test replicates a malicious member of staff (or an external attacker who has got through the perimeter) gaining control of an internal asset and exploiting it.
Web Application Testing
Recent research suggests the average user has some 70 or 80 online accounts; business users may have twice that number. This illustrates the huge volume of web applications and the exponential growth in the number of transactions they handle. Proper security testing of web applications is therefore now an essential aspect of an organisation's web presence.
Ultimately, the aim of application security testing is to check that confidential data stays confidential (i.e. it is not exposed to individuals or entities it is not meant for) and that users can perform only those tasks they are authorised to perform.
Web Application Assessment
This assessment is the process of proactively identifying vulnerabilities within your company website or web applications. Such vulnerabilities could lead to the loss of sensitive, confidential or financial information while also giving an attacker a way into your systems. The assessment can be done according to an agreed scope of work, or as a blind test designed to probe and explore all aspects of your web application security.
Data Breach Discovery Assessment
This assessment is performed by an intelligence analyst who draws on years of Open Source Intelligence (OSINT) and dark web investigation experience, and knowledge of black market data sites, to gather information on personal and company data offered for sale or use in cyber crime. This includes, but is not limited to, sensitive documentation, company usernames and passwords, social security numbers and any other form of data that has formed part of a data breach.
Data Breach Discovery combines human intelligence analysts with artificial intelligence that scours botnets, criminal chat rooms, blogs, websites and bulletin boards, peer-to-peer networks, forums, private networks, and other black market sites 24/7, 365 days a year, to identify stolen credentials and other personally identifiable information.