Manual penetration testing, although highly valuable, is often conducted on an annual or in-frequent basis. Over the course of a year, new vulnerabilities will emerge which may not be visible to security managers until their next manual test. The purpose of AVA is to provide more frequent assurance on the security of a client’s internet-facing infrastructure.
Running AVA can act as a back-up for your change control procedures making sure administrational changes don’t expose security weaknesses on your internet-facing systems.
The AVA report is valuable from both a management and technical perspective. The report details changes and on-going trends in your security posture as well as thorough and understandable technical advice for issue remediation.
The AVA service model is broken down into three distinct services as outlined below:
|Level of Service||Level of Automation||False Positive Checking||Host Reconnaissance||Frequency of Scans||Test Window|
|Silver||Fully automated||None||None||Monthly||Defined by Context|
|Gold||Semi-assisted by consultant||False positive checking of: |
|Yes||Fortnightly||Requested by customer, defined by Context|
|Platinum||Consultant Assisted||False positive checking of:|
|Yes||Weekly||Defined by customer|
To discuss this service in more detail please call + 44 (0)207 5377515 or email firstname.lastname@example.org