CVSS-based Security Audit
We guarantee that the audit process is performed by verifying the same number of security controls on an asset

A company that commissions an IT security audit may find that, when the audit is performed by two different security analysts, the number of weaknesses, the evidence, and the risk assessment differ. Several key aspects should be considered in a penetration test to keep the assessment consistent.

Security risk analysis can be highly subjective, which may produce assessments that differ beyond reason. This difference in criticality and asset risk rating negatively impacts several organizational and project management aspects:

  • Defense of penetration test results in an executive meeting.
  • Defense of the results with the Technical Department.
  • Prioritization of a technical action plan.
  • Justification of investment in periodic security audits.
  • Investment in technology and perimeter security elements.

To improve these aspects, the Tarlogic Security Team relies on the CVSS methodology, an IT security risk classification methodology that leaves little room for misinterpretation of the risk level and that can be used to represent the impact as a graph or plot.

CVSS uses several groups of metrics to measure vulnerability impact. The main group is the base metrics, which describe the vulnerability itself and measure:

  • The complexity of access to the audited system
  • The need for authentication to exploit a security flaw
  • The impact on information confidentiality
  • The impact on integrity
  • The impact on system uptime


If you are looking for a more detailed security audit, environmental metrics can be added, which analyze the reliability of the detected vulnerability, the complexity of exploitation by a third party, and the complexity of getting it fixed.

Temporal metrics evaluate how the vulnerability impacts the systems, based on the existence of functional tools to exploit it and the availability of security patches.

The use of CVSSv2 allows you to know precisely the security level of your organization and justify, based on the results, the need for a larger investment in security.
