FAQs

Answering this question is the primary focus of a cybersecurity assessment.

A cybersecurity or vulnerability assessment is a scan of networked devices or individual systems to determine potential issues. The assessment’s primary goal is to determine open ports, software, operating system versions, and patch levels. From this information, we can determine if the system is potentially vulnerable to known bugs, vulnerabilities, and exploits. No exploitation is attempted as part of the assessment.

The penetration test occurs after the vulnerability assessment identifies potential exploits on the target systems. Depending on the test target, the customer may decide to focus only on high-risk or high-value targets. The ethical hacker then attempts to gain access to systems or data on the systems. The ultimate goal of the penetration test is to prove the vulnerability can be exploited and lead to full system compromise.

As part of a penetration test, exploitation is the ethical hacker’s attempt to exploit the vulnerabilities discovered during the assessment. This could be bypassing webpage boundaries to read files on the underlying server, remote code execution to expose sensitive files, or unauthenticated remote access.

There always exists a slight chance that a production system is adversely affected by assessments or penetration testing. This typically occurs only if the system is misconfigured or experiences faulty hardware. We do not attempt Denial of Service (DoS) attacks, overload fuzzing, or buffer overruns on production systems without prior written permission. Tests can occur outside of normal business hours and with or without prior knowledge by your IT and security monitoring staff.

Cybersecurity assessment reports will include testing procedures, devices tested, and the vulnerabilities discovered. Each vulnerability entry will explain the threat, show the Common Vulnerabilities and Exposures (CVE) name as provided by MITRE, and give the Common Vulnerability Scoring System (CVSS) severity rating. Detailed technical information includes the specific versions of software affected, risks, and mitigation. Penetration test reports vary but include step-by-step technical instructions for re-creating breach and exploit processes, mitigations, recommendations, and screenshots.

Many companies employ automated scanners to find vulnerabilities, print the report, and bill you. We do not use automated scanners, such as OpenVAS or Nessus for example, for vulnerability assessments or penetration testing. Automated tools often miss misconfigurations by focusing solely on known bugs. While we do employ several scanning tools to find open ports and detect live systems, most of the work is completed by a certified penetration tester, searching and probing the same way an unethical hacker would.

We do not utilize Artificial Intelligence (AI), Machine Learning (ML), or Large Language Models (LLMs) as part of our services on customer systems. This is primarily for privacy. AI, ML, and LLM are shared data sets. Any customer data discovered while using AI becomes part of the learning models, which has been known to leak customer data.

Fuzzing is overloading a system with random, invalid, or unusual data to find bugs and vulnerabilities. Unfortunately, this all too often leads to buffer overflows, memory leaks, and system crashes. We limit fuzzing to directory and subdomain identification, user identification and, if appropriate, brute force password scanning.

A brute force attack attempts thousands or millions of passwords in the hopes of finding the right one to gain access to a system. Most modern systems include protections against brute force attacks, but some do not. We often test brute force attacks to verify system protections against it. We also use brute force attacks against password hashes we discover on computers, wireless access points, or servers, but this is done offline and does not affect production systems.

No one except those inside the company who signed the agreement is privy to the details of testing. All test procedures, data, vulnerabilities, exploits, and compliance concerns are provided ONLY to the company’s designated representatives. We require working directly with executive management or at least with their full approval. We are under no legal obligation to report our findings to anyone except if evidence of a felony is discovered. All communications and findings are encrypted and protected under a two-way non-disclosure agreement (NDA).

The first step is a general meeting to discuss expectations and outcomes. You can schedule through Calendly here. A non-disclosure agreement (NDA) is then sent for eSignature. Once this is complete, we work through the Scoping Questionnaire to narrow down the scope of our engagement. This is followed by a proposal, Rules of Engagement (RoE), and any other agreements. Only after all agreements are in place will assessments begin.