Managed Vulnerability Scans

Driven and managed vulnerability scans meet your vulnerability-detection needs on perimeters of all sizes.

How do we perform vulnerability scans?

  • Step 1

    Definition

    Definition of the perimeters to be scanned and the types of tests

  • Step 2

    Analysis

    Analysis and sorting of identified vulnerabilities

  • Step 3

    Verification

    Manual verification to eliminate false positives and requalification of criticality

  • Step 4

    Recommendations

    The identified vulnerabilities are qualified and the patches are integrated into an action plan, in French or English and in many formats.

We add our expertise to the results delivered by industry leaders to bring you clear, qualitative and contextualized results.

Our different types of scans

  • Network scan

    Infrastructure scans verify system and network layers as well as software versions and configurations of exposed services.

  • Application scan

    Application scans provide in-depth analysis of web applications by testing pages, forms and user input against the OWASP reference framework. These scans can serve as a first control, complementing manual penetration tests when your applications are released to production frequently.

  • PCI DSS ASV scan

    XMCO also offers to perform the quarterly ASV (Approved Scanning Vendor) scans required for PCI DSS certification.
    • Our teams verify the vulnerabilities identified and put them into context in order to determine which represent a potential non-compliance with the standard.
    • If no proven non-compliance is identified, the results are submitted for certification. Our experts justify each non-conformity identified by the ASV scanner that turns out to be a false positive or that, put into context, does not represent any risk. Once the results of the scans have been validated and certified, we will issue the certificates to you.
    • In the event of a blocking non-compliance or a vulnerability with a proven risk, we deliver each of the elements identified with detailed recommendations to allow their correction. We then carry out a counter-audit of the corrections made in order to obtain the certificate.