Security Scans
The quick start into your security analysis
Your externally accessible systems and applications pose specific threats from cyberattacks. Our security scans provide a quick overview of your security level. Moreover, they help you comply with IT security best practices and provide you with initial answers to potentially existing vulnerabilities. The scan results can also form the starting point for an in-depth, manual review, for example in the form of a pentest.
What scan types do we offer?
System Security Scan
Our System Security Scans check your internal and external IT systems (such as web servers, mail servers, file servers) for several thousands of vulnerabilities, always in line with the latest research. We use standardised, internationally recognised scanning procedures and base our review of your scan results on renowned security standards.
Scans can be performed externally over the internet (External System Security Scans) or as optional internal scans via a VPN tunnel (Internal System Security Scans). The System Security Scan includes checks for the following vulnerabilities:
- Unencrypted communication
- Missing security patches
- Use of default settings, such as default passwords
Web Application Security Scan
With our Web Application Security Scans, you check your internet-accessible and internal web applications for weak points and security vulnerabilities. You'd also like to check the web applications "behind the login" and thus the area with particularly sensitive data, then you need an authenticated scan. For this, you provide us with access data for a user role in advance. The web application security scan identifies frequently occurring security gaps, including:
- Cross-Site Scripting (XSS)
- SQL, Command und XPath Injections
- Directory und Path Traversal
- Security Misconfigurations
Mobile Security Scan
With our Mobile Security Scan we check your mobile applications (e.g. iOS and Android) for known vulnerabilities. The scan consists of a static source code analysis, which is performed offline, and an optional web application security scan of the backend or API.
Through this scan, your applications will be checked for the following security vulnerabilities, among others:
- Storage of sensitive information in the source code (e.g. API keys or hard-coded passwords)
- Use of outdated signature algorithms
- Use of insecure functions (e.g. weak encryption keys)
DNS Security Scan
During a DNS Security Scan, externally or internally accessible DNS servers are analyzed for vulnerabilities and configuration errors.
The DNS Security Scan includes the following checks, among others:
- Identification of known and unknown assets (target/actual comparison)
- Domain and subdomain enumeration using reverse lookups and other techniques
- Testing for DNSSEC zone walking, DNS zone transfers, DNS recursion DDoS, cache snooping, and unauthenticated updating of DNS entries
- Verification of compliance with best practices such as DMARC recodes and DNSSEC
PCI Security Scan: Internal Scan and ASV Scan
Businesses that process, store or forward credit card data must have their IT systems regularly scanned for vulnerabilities to comply with PCI DSS.
FAQ
Ihr Titel
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.
What are the phases of a Security Scan?
Planning
During the planning phase, we coordinate all relevant information and technical details of the environments to be scanned with you. In addition, depending on the scan type, the time window of the scan is determined. If required, we set up the VPN tunnel together with you (for internal scans).
Scan
We use a standardized, internationally recognized procedure to check your systems or web applications for relevant security vulnerabilities and anomalies. Detected vulnerabilities are not exploited in the process. This nearly eliminates any risk to the proper operation of your IT systems.
Review
One of our IT security experts will review the results of your scan. We base our evaluation of vulnerabilities on international and renowned security standards.
Report
Finally, you receive a comprehensive report comprising an Executive Summary and a Technical Report. The criticality of vulnerabilities and their probability of occurrence are highlighted and gives corrective measures.
Where is the service provided?
Depending on the scan type, the service is provided from the offices of usd via the Internet or offline. If internal IT systems and applications are checked, this is done via a secure, encrypted connection. If desired, the service can also be provided on site.
Which scanning methods make sense to combine?
System Security Scan & Web Application Scan:
Hackers attack both the services accessible on an IT system and the web applications running on it. Both scanning services in combination allow a more holistic security overview.
Web Application Scan & Mobile Security Scan:
Most mobile applications communicate with web applications or APIs to perform their tasks. Therefore, a comprehensive analysis of the security posture requires as well as testing the mobile application, testing the interfaces with which the mobile application communicates. Hence, the combination of testing the mobile application and the provided APIs is highly recommended.
How often should scans be performed?
In principle, we recommend that you scan your IT environment on a regular basis in order to be prepared for constantly new attack scenarios. Therefore, in addition to the one-time scan, we also offer you annual packages with 4 scans each for quarterly scans. You are free to choose the scanning intervals when you place your order.
Do you provide consulting support?
You will not be left alone with the scan result. Our experts will be happy to support you if any questions or problems arise.