Security

During this phase, we perform port scans, vulnerability scans, and testing for all computers, devices, databases, and networking equipment on in-scope networks. We then validate the scan results to weed out false positives by manually verifying a subset of results within particular vulnerability classes and review the discovered vulnerabilities.  We include ones marked as “Low” or “Informational,” as well as manually probe the in-scope networks to look for additional methods of entry or compromise not flagged by a scanner.