Cybersecurity Defense Matrix

What Do These Different Terms & Services Mean?

Maybe you are new to the information security space or are looking for some definitions in everyday language that detail the services we are discussing. If so, then the content below is just what you’re looking for.


Application Testing

Unauthenticated Scan | Authenticated Scan | Authenticated Manual Testing
Basic Vulnerability Checks
Thorough Automated Vulnerability Checks
Business Logic Flaws
Session-Based Weaknesses
Privilege Escalation

When we discuss application testing, we often talk about testing your application as an authenticated user (working login/password) and as an unauthenticated user. We strongly prefer to perform testing from both perspectives to give you a complete idea of your application’s risk. If we were to perform only unauthenticated testing, it could give your organization a false sense of security, as many applications have the majority of their functionality available after the user has authenticated/logged in to the app. Additionally, sometimes functionality that is available to authenticated users can be mimicked or reproduced by an unauthenticated user, meaning that vulnerabilities may be leveraged both by authenticated users of the system (insider threat, etc.) and by unauthenticated attackers.


Network Testing

Vulnerability Scan | Penetration Test | Red Team Assessment
Port Scan
Vulnerability Scan/Detection
Vulnerability Exploitation
Pivoting/Privilege Escalation
Social Engineering
Physical Security Testing

A vulnerability assessment is a security test that uses automated tools to quickly identify a wide range of vulnerabilities. A vulnerability assessment is generally a detective test, meaning that vulnerabilities are detected but not exploited. We take the additional step of manually validating findings wherever possible to ensure there are minimal false positives included in the results.