Best results from

different approaches

Very different results can be obtained depending on which standards, approaches and methodologies are used during vulnerability discovery. We use the latest standards and methodologies for clients who want to have secure systems and fix cyber security vulnerabilities.

OWASP

The OWASP (Open Web Application Security Project) Testing Guide is a comprehensive manual for web application security testing.

OSSTMM

OSSTMM (Open Source Security Testing Methodology Manual) is a peer-reviewed methodology for performing different types of penetration tests.

NIST

The National Institute of Standards and Technology (NIST) provides a comprehensive guide for conducting information security assessments.

PTES

PTES (Penetration Testing Execution Standard) is a set of guidelines and technical resources for conducting penetration tests.

ISSAF

ISSAF is a framework developed by the Open Information Systems Security Group (OISSG). It is designed for auditing, penetration testing, and security testing.

CREST

CREST (Council of Registered Ethical Security Testers) provides standards and a code of conduct for penetration testers. We also follow CHECK standards.

Using severities

to see risks of bugs

Considering the long and short term effects of the vulnerabilities determined during the Wiseep scans, it is very important to report them with the correct priorities. The priorities used by Wiseep and their details are as follows.

Critical

These are vulnerabilities representing the most serious security concerns in terms of the combination of likelihood and impact. They should be addressed urgently.

High

These are vulnerabilities representing a high security concern in terms of the combination of likelihood and impact. They should be addressed urgently.

Medium

These are vulnerabilities representing significant security concerns. Whilst Critical and High vulnerabilities should be prioritised, it remains important to address them.

Low

These are vulnerabilities representing weaknesses with limited risk. It is recommended that these issues are remediated, but the risk can be accepted.

CATEGORIZING OF

Vulnerability types?

To facilitate the understanding and tracking of security vulnerabilities, we categorize them into various groups. This structured approach allows us to systematically identify, assess, and address potential threats. The security vulnerability categories we use at Wiseep are designed to cover a wide range of potential issues. These categories help our team prioritize and manage vulnerabilities effectively, enhancing our overall security posture.

Information Leakage
Configuration Management
Deployment Management
Identity Management
Denial of Service Issues
Authentication
Authorisation
Session Management
Input Validation
Client-Side Handling
Error Handling
Business Logic
Lack of Update
Upgrade Issues
3rd Party Issues

CATEGORIZING OF

Root Cause of bugs?

To facilitate the understanding and tracking of security vulnerabilities, we categorize them into various groups. This structured approach allows us to systematically identify, assess, and address potential threats.

Developer Awareness
Admin Awareness
Insufficient Investment
Policy Decision
Process Failure
Insufficient Resource
3rd Party Management
Staff Awareness
Lack of Architecture