How it works?

A customizable cybersecurity solution designed to provide businesses with remote access to expert cybersecurity consulting, assessment, and management services.

A comprehensive cybersecurity solution designed to help businesses identify and reduce their exposure to cyber threats through digital footprint mapping, network and infrastructure analysis, open-source intelligence gathering, social engineering testing, and penetration testing.

Cyber Legion will work with you to determine your specific needs and create a customized testing plan based on your unique requirements.

The duration of a penetration testing engagement depends on the scope and complexity of the testing involved.

Cybersecurity testing should be conducted on a regular basis, with the frequency depending on the specific needs of your organization.

The cost of security testing depends on the scope and complexity of the engagement.

Security Testing Pricing list refence 

A penetration test is a comprehensive, manual test of your system’s security defenses, while an automated vulnerability scan is a more limited, automated check for known vulnerabilities.

A method of testing the security of a system or network by simulating an attack to identify and exploit vulnerabilities.

Cyber Legion offers several types of penetration testing, including network, web application, mobile application, cloud, and social engineering testing.

Fixing these vulnerabilities will help you improve your information security defenses for not just your business but your staff, clients, customers, and partners.

• Identify weaknesses
• Prevent attacks
• Protect sensitive data
• Protect reputation
• Avoid fines and ransom costs

Security scanning, or vulnerability scanning, can mean many different things, but it can be simply described as scanning the security of a website, web-based program, network, or file system for either vulnerabilities or unwanted file changes.

Retesting enables programs to ask hackers to verify whether a vulnerability has been fixed in order to secure the protection of their data. If you submit a valid vulnerability report, programs can elect to invite you to retest the vulnerability to verify the fixes.

Our specialized team of security professionals hold industry qualifications such as CREST, OSCP, CISSP, CISM, CEH and Cloud security certification such as AWS, azure, GCP etc.

We are a SC Cleared team combine this with many years of industry experience at the highest level working across all industry sectors. We are skills hands-on engineers with clear track record of implementing, running managing security testing programs across various organizations.

A typical penetration test will follow this pattern: Initial engagement, scoping, testing, reporting and follow up. There should be a severity rating for any issues found.

For this model we assume that:

• You wish to know what the impact of an attacker exploiting a vulnerability would be, and how likely it is to occur
• You have an internal vulnerability assessment and management process
  Initial engagement of the external team
• You should ensure that the external team has the relevant qualifications and skills to perform testing on your IT estate. If you have any unusual systems (mainframes, uncommon networking protocols, bespoke hardware etc.) these should be highlighted in the bid process so that the external teams know what skill sets will be required.

1.Scoping

Scoping a penetration test should involve:

1. All relevant risk owners
2. Technical staff knowledgeable about the target system
3. A representative of the penetration test team

Where the goal of the test is to ensure good vulnerability management:

1. Risk owners should outline any areas of special concern
2. Technical staff should outline the technical boundaries of the organization’s IT estate
3. The penetration test team should identify what testing they believe will give a full picture of the vulnerability status of the estate

Assuming you have one, a current vulnerability assessment should be shared with the testers at this stage. Testing can then be designed to support a reasonable opinion on the accuracy and completeness of the internal vulnerability assessment.

Special requirements

During scoping, you should outline any issues which might impact on testing. This might include the need for out-of-hours testing, any critical systems where special handling restrictions are required, or other issues specific to your organization.

Plan of action

The output of the scoping exercise should be a document stating:

1. The technical boundaries of the test
2. The types of test expected
3. The timeframe and the amount of effort necessary to deliver the testing – usually given in terms of resource days
4. Depending on the type of approach agreed, this document may also contain a number of scenarios or specific ‘use cases’ to test
5. The penetration testing team’s requirements. This will allow you to do any necessary preparation before the date of the test. For example, by creating test accounts or simply allocating desk space
6. Any compliance or legislative requirements that the testing plan must meet
7. Any specific reporting requirements, for example the inclusion of CVSS scores or use of CHECK severity levels
8. Any specific time constraints on testing or reporting, that a penetration testing company will need to consider when allocating resources

2.Testing

Staying in contact

During the test phase, you should ensure that a technical point of contact is available at all times. The point of contact does not need to spend all their time working with the test team but should be available at short notice. This allows the test team to raise any critical issues found during testing, and resolve problems which are blocking their testing (such as network misconfiguration).

Taking care

The testers should make every effort to avoid causing undue impact to the system being tested. However, due to the nature of penetration testing, it’s impossible to guarantee that no unexpected reactions to testing will occur.

Changing scope

During a penetration test or security assessment, the testing team may identify additional systems or components which lie outside of the testing scope but have a potential impact on the security of the system(s) which have been defined as in scope.

In this event, the testing team may either suggest a change to the scope, which is likely to alter testing time frames and cost, or they may recommend that the exclusion of such components be recorded as a limitation on testing.

The decision on which would be the preferred option will generally be down to the risk owner, with the penetration team responsible for clearly articulating the factors to consider.

3.Reporting

The test report should include:

• Any security issues uncovered
• An assessment by the test team as to the level of risk that each vulnerability exposes the organisation or system to
• A method of resolving each issue found
• An opinion on the accuracy of your organisation’s vulnerability assessment
• Advice on how to improve your internal vulnerability assessment process

A debriefing can also be useful. At this meeting the test team run through their findings and you can request further information or clarification of any issues.

4.Severity rating

When rating vulnerabilities it is common for penetration testers (often at customer behest) to use the Common Vulnerability Scoring System which attempts to give a numerical score identifying the severity of a vulnerability.

To simplify this measurement, CHECK reports are required to state the level of risk as HIGH, MEDIUM, LOW or INFORMATIONAL in descending order of criticality. For CHECK reports, scoring systems such as CVSS may be used in addition to (but not in place of) this.

Whilst vulnerabilities are ordinarily categorised at one of these levels in a consistent manner, exceptions can sometimes occur. For example, other mitigating controls in place could minimise the effectiveness of a vulnerability, or the presence of additional vulnerabilities could have a synergistic effect.

Any deviation from associating a vulnerability with its standard rating should be documented and justified by the penetration testing team.

5.Follow up on the report

1. Do your own assessment

The penetration test report should be assessed by your organisation’s vulnerability management group in a similar manner to the results of an internal vulnerability assessment.

The penetration test team will have rated each issue found and given a potential solution. However, it’s important to note that risk assessment and decisions on the application of fixes are your responsibility.

The test team may not have had access to all details about a specific system or the potential business impact of the exploitation of a vulnerability. Consequently, they may rate issues either lower or higher than you. This process of assessing vulnerability levels should not be used to downplay issues – it should be a process of looking at issues and identifying the risk to your organisation.

2. Previously unknown vulnerabilities

Any vulnerabilities identified by the penetration test which you did not previously know about should be given special attention, with the aim of identifying ways in which you might go about spotting such issues in future.

3. Choosing solutions

The solutions proposed by your penetration testers may not be the only ones possible. You should take advice from your own technical staff and suppliers on alternatives.

As an example, imagine your pen testers have suggested patching a piece of software. You should ask yourself, ‘Is this the only solution to the problem?’ It may be possible to simply uninstall the software if it’s not actually required, or other controls could be put in place to limit exposure to the vulnerability. It may even be that additional monitoring of the vulnerable component is sufficient to reduce the risk to an acceptable level.

Vulnerability risk assessment and mitigation is a business process and should not be wholly outsourced to the test team.

Vulnerability assessments are typically more frequently performed as an ongoing assessment against the environment. Typically external vulnerability assessments are performed monthly or quarterly in between any annual manual penetration testing to identify any potential changes to the environment such as missing patches, unsupported software or configuration weakness that may put the environment at risk and would go undetected until the next manual penetration test.

Attack surface management is the continuous discovery, inventory, classification and monitoring of an organization’s IT infrastructure.

Attack surface management is important because it helps to prevent and mitigate risks stemming from: Legacy, IoT, and shadow IT assets. Human mistakes and omissions such as phishing and data leaks. Vulnerable and outdated software.

Bug bounties employ a competitive model that leverages the use of ethical hackers (or, security researchers) to detect and submit bugs or vulnerabilities within an organization’s digital assets with the potential for reward if found and validated within a predefined scope.

A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs.

A cybersecurity risk assessment identifies the various information assets that could be affected by a cyber attack (such as hardware, systems, laptops, customer data, and intellectual property), and then identifies the various risks that could affect those assets.

The importance of risk assessment in business is identifying vulnerabilities that may threaten these regular operations and, resultantly, an organization’s reputation. Risk assessments improve overall cyber defense posture, help protect endpoint devices, and minimize potential damage from specific threats.

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed. It is normally an automated scan using a commercial scanning engine tool. It is different to a penetration test where a human tester uses a variety of different methods to try to exploit and verify any weaknesses.

Vulnerability management is the process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and the software that runs on them. This, implemented alongside with other security tactics, is vital for organizations to prioritize possible threats and minimizing their “attack surface.”

Mobile testing covers many areas such as the device configuration, the management of the device and the applications used on the device.

Applications used on mobile devices can be tested at an application level to ensure no vulnerabilities exist that could lead to data being obtained from the device or the server that the application communicates with.

Cloud testing is penetration testing or vulnerability assessments of applications, infrastructure or the portal configuration of systems that are hosted within Cloud providers such as Microsoft Azure, Microsoft,
VMware, Oracle, IBM, Amazon AWS etc.

Servers or applications that have been incorrectly configured when installed or after migration to Cloud hosting providers may be exposing services or vulnerabilities to the Internet.

Adversary emulation is a practice that “aims to test a network’s resilience against advanced attackers or advanced persistent threats (APTs).” Basically, adversary emulation is a way for security organizations and consultants to carry out the same tactics, techniques, and procedures (TTPs) that bad actors would use against you in the real-world but in a contained emulation.

Basically, adversary emulation is a type of red (or purple) team engagement that uses real-world threat intelligence to impersonate the actions and behaviors that your red team (or bad actors) would use in practice.

And while many different frameworks can be used to carry out your adversary emulation exercises, many opt to use MITRE’s expansive knowledge base of real-world adversary behaviors outlined in the ATT&CK framework and their Adversary Emulation Plan

A penetration test can provide assurance that the systems and security controls tested have been configured in accordance with best security practice and that there are no common or publicly known vulnerabilities in the target system at the time of the test. If vulnerabilities are found these can be rectified before an attack or security breach occurs.

Penetration testing will enable you to:

Manage vulnerabilities
Avoid extra cost and reputation damage from a security breach
Provide evidence of compliance with regulatory and certification standards
Provide assurance to customers and suppliers that their data is secure

Unauthenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues on exposed services. It does not login to the system, therefore does not run more detailed checks that would only be possible when using local administrative user credentials.

Authenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues, by logging into the host as an administrative user. This performs a much more detailed review and covers patch checking and configuration issues for the unexposed services on the host. If you wished to check all patching levels of systems across your network, an authenticated test would be the best option.

Application security testing (also known as a pen testing or pentesting) is an authorised security test on an application to identify vulnerabilities that may be present and could be exploited. Testing can be conducted via the Internet (if the application is externally facing) to identify any external facing vulnerabilities, or from inside the company for an internal application or if the application is not open to the Internet.

Vulnerabilities within applications could expose sensitive data to unauthorised users, or be used to further compromise systems within the organisation.

An application penetration test gives assurance of the applications security. It tests the application manually for weaknesses in access controls, user permissions and separation, input injection, file upload/download functionality, authorisation and authentication. It can identify weaknesses that may allow an unauthorised user to use the application in a non-intended manner and provide access to information they are not authorised to view.

The vulnerabilities identified are reported back to the system owner along with mitigation recommendations.

Penetration testing can also be used to test an organisation’s compliance with security policies, the security awareness of its staff and how effectively it can respond to security threats.

All security test results will be immediately available on the web portal, providing clear visibility of any vulnerabilities discovered. Along with the report of our findings, we offer a comprehensive set of recommendations to assist senior executives and IT/Dev/Engineering teams in implementing mitigation and remediation measures. We aid in the speedy resolution of all findings by providing specific technical details, testing methodologies, and actionable insights.

The web portal system offers visualization, analytics, tracking, and reporting capabilities, helping to eliminate any challenges in the remediation process with the guidance of Cyber Legion security researchers. Advanced technology features are also accessible through the Secure Client Portal.