Vulnerability Assessment

We are serious about IT security, and this service reflects that in particular. Failing to evaluate your security continuously is a serious mistake that can become expensive; what's more, most international standards put emphasis on continuous evaluation. Our Vulnerability Assessment service gives you a full evaluation of the threats against your computer environment and the effects of vulnerability exploitation in it.

Our consultants look for known vulnerabilities in network services, known or unknown web application bugs, the possibility of penetrating security mechanisms, configuration errors, forgotten or neglected services, information leakage (private information, business intelligence, financial information, internal reports, documentation, etc.) and legal aspects (privacy policy, acceptable use policies, etc.).

The audit is conducted in full compliance with the Open Source Security Testing Methodology Manual (OSSTMM), the most widely used, accepted and comprehensive methodology for testing security to date. OSSTMM complies with and goes beyond the guidelines in ISO/IEC 17799, HIPAA (US), BDSG (Germany), NIST SP 800-42, and several other standards and privacy acts.

tigerteam.se conducts all identification steps in OSSTMM concerning TCP/IP networking and computer security. We don't do the actual penetration tests, which allows us to do more on a lower budget.

All of the OSSTMM identification steps we conduct are documented under Section C - Internet Technology Security (page 42). The modules are:

  • Logistics and Control: Initial assessment to determine the stability of communication with the target.
  • Network Surveying: Basic network information, ISP information, cached information on the Internet about past/present connections into the target network (forums, mailing list archives, P2P networks).
  • System Services Identification: Port scanning revealing a full network map, Operating Systems, version signatures of services, patch level, etc.
  • Competitive Intelligence Review: A comprehensive investigation conducted on the Internet for data that can be categorized as Business Intelligence.
  • Privacy Review: Assessment of disclosures, compliance with expressed privacy policy and actual privacy, information disclosed in marketing or advertisement, assessment of any publicly available private/confidential information, etc.
  • Document Grinding: Profiling of the organization, its employees, partners, competition, etc. (AKA Digital Dumpster Diving).
  • Vulnerability Research: Two or more state-of-the-art vulnerability scanners are used together with manual assessment to determine any application/network/OS vulnerabilities, the possibility of exploitation of services, Denial of Service attacks, etc.
  • Router and feature identification: The type of router/gateway used, types of traffic allowed to flow, etc.
  • Trusted Systems Testing: Possible trust relationships between systems, found vulnerabilities mapped against systems with trust relationships, listing possible ways to spoof, etc.

We can also teach your organization how to conduct continuous self-assessments of your IT security. tigerteam.se consists of hackers, and we will more than happily show you how to best understand criminal hackers that want to enter your computer systems. Read more under Training.

Contact michel.blomgrentigerteam.se for more information.

tigerteam.se and the tigerteam.se logotype are trademarks of M. Blomgren IT-Säkerhet
All contents Copyright © 2004 by Michel Blomgren - All Rights Reserved

The tiger photographs were taken at Kolmården Zoo