The assessment process is consistent across all license types, ensuring thorough and accurate security evaluations.
Version Number: v1.0.1
Published Date: 14 May 2024
____________________________________________________________________________
General Assessment Process for All Licenses
- Onboarding: Ensuring that the asset is set up with a sensible scanning policy and is scheduled.
- Scanning: Comprehensive scans are conducted to identify potential vulnerabilities.
- Vulnerability Verification: Our analysts manually review scanning results to remove false positives and duplicates, ensuring only accurate findings are reported.
- Confirmation of Fixes: Previously identified issues not detected in current scans are manually checked to confirm whether they have been resolved.
- Integration: All findings are securely documented, made accessible through the Edgescan platform, and available programmatically via the API.
Specific Assessments by License Type
- Host/Server License (Network Only):
  - Focuses on network layer scanning of designated targets.
- Essentials License (Unauthenticated Web Application):
  - Performs network layer scanning and unauthenticated web application layer scanning, adhering to client specifications.
- Professional License (Authenticated Web Application):
  - Includes scanning of both unauthenticated and authenticated web application layers, in addition to network layer assessments, tailored to client requirements.
- Professional API:
  - Conducts network layer and API scanning, focusing on specific insertion points provided by the client.
- Advanced License:
  - Encompasses regular assessment processes applicable to other licenses and additionally validates findings from penetration tests in subsequent evaluations.
This systematic approach ensures a comprehensive and customized assessment for each asset, utilizing a blend of automated scans and expert analysis to maintain high standards in security validation.