Posts

Showing posts from August, 2013

Vulnerability Management 101 - edgescan

Vulnerability Management: The age-old penetration test is dead, long live the penetration test... So, as discussed before, a 1-off penetration test does not work. Why?

- Code changes - possible introduction of vulnerabilities
- Framework vulnerabilities are discovered all the time (see here)
- Server/hosting changes may give rise to a vulnerability
- Patching - vulnerability
- Logical/business logic vulnerability - from new features, etc.

So, our 1-off penetration test is only a point-in-time assessment. It has its place for deep-dive penetration tests, but more often than not the value of a 1-off penetration test is eroded the day the report is finished... like driving a car out of a dealership, it loses half its value in an instant.

We decided to do something different. How about a solution that provides...

- Monthly or more frequent vulnerability assessments
- Covers Layer 1-7 (host, protocol, server, IP, patch, webapp, framework, etc.)
- Is manually verified by hu