US ProSecure

US ProSecure®: Enterprise Vulnerability Scanning and Penetration Testing

New vulnerabilities are discovered at an astonishing rate. Attackers analyze each vulnerability to determine whether exploit code can be developed. Once exploit code has been developed, the attacker is ready to launch it against susceptible targets. Organizations that do not continually scan for and repair vulnerabilities face a growing risk of being the next compromised victim. The number one threat to infrastructures today is known vulnerabilities.

A vulnerability is a flaw in a system, device, or application that, if leveraged by an attacker, could impact the security of the system. Exploits take advantage of a vulnerability by compromising or destroying the vulnerable system, device, or application. Remediation is the process of repairing or providing a remedy for a vulnerability, thereby eliminating the risk of being exploited.

Vulnerability scanning is used to identify and evaluate the security posture of a network. Historically, scanners were developed for specific purposes such as scanning only Windows desktops, applications, or network devices. US ProSecure offers heterogeneous scanning that identifies vulnerabilities across operating systems, desktop applications, network devices, Web applications, databases, and more.

Penetration Testing with US ProSecure

Based on years of vulnerability and exploitation experience, US ProTech developed the US ProSecure penetration testing tool. It is integrated with US ProSecure’s vulnerability scanner, allowing customers to exploit a vulnerability discovered by the scanner to confirm its existence without a doubt. Advanced features allow customers to add custom exploits, modify existing exploits, and use US ProTech’s post-exploitation tools.

Web Application Testing

The global adoption of Internet applications and Web 2.0 as a method of streamlining business communications presents a popular target for security threats. Web vulnerabilities are a serious challenge and have resulted in theft of credit cards, financial loss, and damage to the organization’s reputation and image. In addition, these threats can also compromise browsers and websites, which puts customers, prospects, and business partners at risk as well. Because web applications change frequently and new vulnerabilities are discovered on a daily basis, it is important to continuously assess these threats and weaknesses in order to mitigate the risk of becoming the victim of a web attack.

US ProSecure also provides a scanning policy for interrogating systems for web application vulnerabilities (e.g., cross-site scripting, SQL injection, cross-site request forgery, etc.). This provides coverage across the OWASP Top 10 Web Application Security Risks, as well as industry-specific requirements, such as PCI’s Requirement 6.5. See the included chart for a summary of scan tests.

US ProSecure Web Application “OWASP” Top 10 Scanning Policy

PCI Requirement   OWASP Top Ten   Testing Requirement
6.5.1             A2-2010         Cross Site Scripting (XSS)
6.5.2             A1-2010         Injection (SQL, LDAP, and XPath flaws)
6.5.3             A3-2007         Malicious File Execution
6.5.4             A4-2010         Insecure direct object references
6.5.5             A5-2010         Cross-site request forgery (CSRF)
6.5.6             A6-2007         Information leakage and improper error handling
6.5.7             A3-2010         Broken authentication and session management
6.5.8             A9-2010         Insecure cryptographic storage
6.5.9             A10-2010        Insecure communications/transport layer protection
6.5.10            A7-2007         Failure to restrict URL access
N/A               A6-2010         Security misconfiguration
N/A               A8-2010         Unvalidated redirects and forwards

Once a web site and/or application successfully passes the US ProSecure Vulnerability Scan, it can be certified by US ProTech and receive the US ProSecure Validation Mark for posting. The US ProSecure shield (GOLD, SILVER, BRONZE) is based on the frequency of the ongoing scans. This validation seal links back to our site to certify that the site is certified Secure based upon the OWASP “TOP 10” scanning policy. VALIDATED BY THE U.S. DEPARTMENT OF COMMERCE / N.I.S.T 800-53.
