Cybersecurity Defense Matrix
What Do These Different Terms & Services Mean?
Maybe you are new to the information security space or are looking for some definitions in everyday language that detail the services we are discussing. If so, then the content below is just what you’re looking for.
| Unauthenticated Scan | Authenticated Scan | Authenticated Manual Testing |
|---|---|---|
| Basic Vulnerability Checks | Thorough Automated Vulnerability Checks | Business Logic Flaws |
When we discuss application testing, we often talk about testing your application as an authenticated user (with a working login and password) and as an unauthenticated user. We strongly prefer to test from both perspectives to give you a complete picture of your application's risk. Performing only unauthenticated testing can give your organization a false sense of security, because many applications expose the majority of their functionality only after the user has logged in. Additionally, functionality intended for authenticated users can sometimes be mimicked or reproduced by an unauthenticated user, meaning that a single vulnerability may be leveraged both by authenticated users of the system (insider threat, etc.) and by unauthenticated attackers.
| Vulnerability Scan | Penetration Test | Red Team Assessment |
| Physical Security Testing |
A vulnerability assessment is a security test that uses automated tools to quickly identify a large range of vulnerabilities. A vulnerability assessment is generally a detective test, meaning that vulnerabilities are detected but not exploited. We take the additional step of manually validating findings wherever possible to ensure that the results contain minimal false positives.