Skip to main content

External (PenTest) and Internal Vulnerability Analysis

By October 8, 2015#!28Thu, 28 Feb 2019 10:46:43 -0300p4328#28Thu, 28 Feb 2019 10:46:43 -0300p-10America/Sao_Paulo2828America/Sao_Paulox28 28am28am-28Thu, 28 Feb 2019 10:46:43 -0300p10America/Sao_Paulo2828America/Sao_Paulox282019Thu, 28 Feb 2019 10:46:43 -03004610462amThursday=904#!28Thu, 28 Feb 2019 10:46:43 -0300pAmerica/Sao_Paulo2#February 28th, 2019#!28Thu, 28 Feb 2019 10:46:43 -0300p4328#/28Thu, 28 Feb 2019 10:46:43 -0300p-10America/Sao_Paulo2828America/Sao_Paulox28#!28Thu, 28 Feb 2019 10:46:43 -0300pAmerica/Sao_Paulo2#No Comments


 An External Vulnerability Analysis (PenTest) and Internal This requires very careful planning, as the costs involved can reach significant sums. A perfect view of the risks to which the institution is subjected, as well as an analysis of information technology dependency, make a decision on solutions to mitigate such risks to be more rational and cost-effective.


Here are some benefits that can be achieved at project completion and the execution of a resulting action plan:

• Identification and mitigation of risks and impacts on the business;

• Increased customer and supplier confidence;

• Optimization and identification of opportunities for process improvements;

• Better analysis and development of operational performance trends for both infrastructure and operations personnel;

• Analysis showing the strengths and weaknesses of IT management, as well as threats and opportunities for improvement;

• Fraud reduction;

• Preservation and increase of brand reputation and, consequently, competitive advantage;

• Less likely to leak information.


Our methodology for External (PenTest) and Internal Vulnerability Analysis for this important work is based on, but not limited to, the OSSTMM - OpenSource Security Testing Methodology Manual, marked by ISO27001 standards and documented based on references such as: Common Vulnerabilities and Exposures (CVE) regarding infrastructure vulnerabilities and in the OWASP - focusing on mapped vulnerabilities in applications. Additionally, mapped vulnerabilities will be classified and prioritized according to the Common Vulnerability Scoring System from NIST.


It is ideal that they are performed quarterly and / or after any significant change in structure.

These procedures are required and / or recommended by information security standards, such as PCI-DSS.

Our laboratory

THE [SAFEWAY] created a technology center and its own laboratory dedicated to the assessment, design and validation of architectures and network security. Our laboratory is located at the very headquarters of [SAFEWAY] São Paulo, in addition to having mobile equipment for projects carried out at our clients' premises.

Due to the unique characteristics of our lab, we investigate and test vulnerabilities of various components that may be part of your technology infrastructure. As a result of this work, our experts recommend actions to improve security conditions and build a secure architecture that requires ongoing monitoring of technological resource developments.


Download here the Ponemom: 2016 Cost of Data Breach: Brazil report

Leave a Reply