Vulnerability Assessment
Vulnerability assessment (VAS) is the mechanism used by Prolific Solutions (and required for many types of compliance) to help ensure the secure configuration and implementation of information technology solutions or information systems. Performing vulnerability assessments generally involves utilizing automated scanning solutions targeting specific assets or technologies to asses their security posture. This includes the use of many free tools, commercial tools, or specific checklists pertaining to various types of information technology assets.
Depending on your environment and the type of assessment you require, Prolific Solutions can provision and accommodate any vulnerability assessment requests for clients. We strive to ensure your environment has no adverse impact due to the scans by throttling scans appropriately, or conducting scans after hours. Of course, we also understand that no one tool is ever sufficient to represent the security posture of an organization because different tools – both commercial and open source – have their inherent strengths and weaknesses. For this reason, we double or triple up as necessary and upon completion of a vulnerability assessment engagement, we provide a vulnerability matrix (via proVM Auditor) that not only outlines the findings, but includes invaluable additional information as well.
Prolific Solutions has expertise in the following array of potential assessment targets/technologies :
- Web servers
- Web applications
- Code review (secure programming)
- Windows, Linux, Unix, mainframe (OS platforms, etc.)
- Database platforms (Oracle, SQL, DB2, etc.)
- Information assurance controls (functional/procedural setup and arrangement)
- Network devices (port security, firewall ACLs, etc)