How To Certify Vulnerability Assessment / Penetration Test

At the time of writing this Blog, our new “Online Vulnerability Assessment” had just gone live, and we were inundated with requests for more clarification around the governance of this new functionality.

To help clarify, we decided to put a “Stamp of Certification” on each of the IP Scanning reports sent out to our users who conduct external IP scans on our platform. We have also written this Blog to discuss the science around what goes into being “Certifiable” when it comes to remote Vulnerability Assessments / Penetration Tests.

The certification process for cyber security is very subjective. The industry deals with some of this subjectivity by certifying scope, rather than answering the question “Does this testing exercise certify that the company has asked for the right test in the first place?”. This ambiguity creates a bit of pandemonium over who is advising on scope and who is signing off the scope (which the consultancy firms obviously love to exploit).

This Blog should give some colour on how we certify our own external scanning engine, while also giving an insight into how tools and logic come together to give peace of mind around IP scanning in general. The following is an extract from our own guarantee that goes out with each of our online vulnerability assessment certification reports, which we thought might be useful to share with people who want to understand a bit more about Penetration Testing / Vulnerability Assessment certification in general.

 

 


Robo Shadow Certification of Vulnerability Assessment (this is what we send out to our users)

This report has been conducted to give a globally recognised external network Vulnerability Assessment executed on the IP addresses entered (also mentioned in this report). Below are the details of what has been conducted to give clarification to the certification of the vulnerability assessment.

 

The Scan

The IP addresses you entered have all been scanned with both bespoke and open-source technologies. Robo Shadow has its own AI-driven technology to help identify and report on Vulnerabilities. Our technology has been designed and built to bridge the gaps in existing cyber tech to give the most reliable reports possible in the shortest amount of time. However, this report has also been created with a hosted scan using NMAP, the global standard open-source tool used by security professionals, organisations, and tech companies all over the world.

The key element of NMAP is that it is able to detect packet loss during its scans, and if packet loss is detected it is able to slow itself down in an attempt to fix the problem. This packet loss is usually beyond the control of the scanning party: sometimes the router that the scan is being conducted from, or the inbound router of the target device, faces issues and drops the requests, which may affect results.

NMAP will detect this packet loss and slow itself down to try to counteract any problems and give the best possible results. This is why we also recommend getting multiple scans of the same target done from different IP addresses.

(Please note we have an Android application available in the Play Store if you want to do some separate scans from a mobile device for any additional checking required.)

 

The Data Reconciliation

This Robo Shadow remote scanning tech will take in multiple sources to report on your Vulnerabilities. Combining different technology, some proprietary and some open source, means results are coordinated from different scan tech / locations. Below are the 3 sources currently used to create our Vulnerability Assessment reports:

Robo Shadow AI

Our technology will identify Vulnerabilities within the scan results. This logic is developed completely in house and is engineered to address some of the gaps in the existing toolset currently available in the open-source markets.

NMAP

Scanned from our own Robo Shadow hosted platform, this globally recognised technology is used for its known accuracy and dominance in the Cyber Security industry.

Shodan

Not all IP addresses will be listed in Shodan. This well-known and completely separate cloud scanning utility is used by Cyber Security professionals the world over. It adds the additional benefit of knowing how exposed you are to automated attacks, as it is very easy for bad actors to get API access to the Shodan service and conduct hacking en masse.

Note: If you put all of the world's cyber security products side by side and set off a scan against the same IP, you will naturally get different results depending on many external factors.

We triangulate 3 different pieces of technology (including our own) to give you the most accurate port results available at the time of scanning.
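One way to reconcile open-port results from several sources, including repeat Nmap runs from different IP addresses as recommended above, is sketched below. This is an added example, not Robo Shadow's code or logic; the sample data, the source names and the `reconcile` helper are constructed for illustration, and Shodan's port list is assumed to be TCP.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (documentation address), not real scan output.
NMAP_A = """<nmaprun><host><address addr="203.0.113.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="443"><state state="open"/></port>
<port protocol="tcp" portid="3389"><state state="filtered"/></port>
</ports></host></nmaprun>"""
NMAP_B = NMAP_A.replace('"filtered"', '"open"')  # second vantage point sees 3389
SHODAN_HOST = {"ip_str": "203.0.113.10", "ports": [443, 8080]}

def nmap_open_ports(xml_text, ip):
    """Return the (protocol, port) pairs an Nmap -oX report lists as open for ip."""
    found = set()
    for host in ET.fromstring(xml_text).iter("host"):
        if not any(a.get("addr") == ip for a in host.iter("address")):
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                found.add((port.get("protocol"), int(port.get("portid"))))
    return found

def shodan_open_ports(record):
    """None means Shodan has no listing for the IP, which is not 'no open ports'."""
    if record is None:
        return None
    # The 'ports' list carries no protocol; treating entries as TCP is an assumption.
    return {("tcp", p) for p in record.get("ports", [])}

def reconcile(sources):
    """Map each port to (sources that saw it open, True if every source with data agrees)."""
    answered = {name for name, ports in sources.items() if ports is not None}
    seen = {}
    for name in answered:
        for port in sources[name]:
            seen.setdefault(port, []).append(name)
    return {p: (sorted(s), set(s) == answered) for p, s in sorted(seen.items())}

def sample_report(shodan_record=SHODAN_HOST):
    ip = "203.0.113.10"
    return reconcile({
        "nmap-a": nmap_open_ports(NMAP_A, ip),
        "nmap-b": nmap_open_ports(NMAP_B, ip),
        "shodan": shodan_open_ports(shodan_record),
    })

if __name__ == "__main__":
    for port, (names, agreed) in sample_report().items():
        print(port, names, "agreed" if agreed else "REVIEW: sources disagree")
```

A port reported open by only one source, such as 3389 in the sample, is the kind of result worth re-scanning before it goes into a report.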

 

 


What this certificate does not include

 

IP Addresses Selected

This certification is agnostic of what IP addresses have been entered into it. Robo Shadow is not in control of certifying that the IP addresses you have used within this report truly reflect your complete measurable Cyber Security attack surface.

Effectively this is the subtle difference between:

“A Vulnerability Assessment” (Semi-Automated and repeatable scanning with tools)

Vs

“A Penetration Test” (Human being making sure that the attack surface scope is correct and the right tools are being used).

Feel free to contact our support teams if you would like us to help you define the actual attack surface that you’re trying to protect in some more detail.

The only additional note around IP Addresses is that “each Robo Shadow user must legally be allowed to Port Scan the given IP addresses contained within this report”. Some countries do not allow port scanning on IP addresses.

 

 


Penetration Exploits


As stated above, the widely agreed definition of a Penetration Test compared to a Vulnerability Assessment is that there is an automated aspect to a Penetration Test, whereby a “Penetration Tester” first conducts a Vulnerability Assessment. Items discovered in the Vulnerability Assessment are then tried manually by the human tester, to exploit them in more detail.

This report certification has not been manually conducted by a human. However, the execution tools and Vulnerabilities that may have been found during this exercise are the core constituent part of a full Penetration Test.

This Robo Shadow Vulnerability Assessment Certification is aimed to give a confidence factor against the exercise which has been carried out to produce this report and Robo Shadow accepts no responsibility for any loss or impact experienced by our users through anything connected to our online penetration testing capabilities across the whole Robo Shadow platform.

 


Posted by Terry Lewis


I’m lucky to have worked in technology all over the world for large multi-national organisations. In recent years I have built technology brands and developed products to help make technology that bit easier for people to grasp and manage. By day I run tech businesses, by night (as soon as the kids have gone to bed) I write code and I love building Cyber Security technology.
