CATSCAN®: Experienced Cyber Security Assessments
CATSCAN® is designed to provide a rigorous, in-depth evaluation of your IT infrastructure, uncovering vulnerabilities and strengthening your security posture. We combine people, process and technology to deliver an outcome.
What CATSCAN® Delivers:
✅ Comprehensive Evaluation – A full-scale assessment of networks, applications, and systems to identify weaknesses.
✅ Active Testing – Simulated real-world attacks through penetration testing to gauge security effectiveness.
✅ Threat Modeling – Identification and categorization of threats based on discovered vulnerabilities.
✅ Security Controls Analysis – Review of existing security measures to assess their resilience.
✅ Compliance Checks – Validation against industry regulations like GDPR, PCI DSS, and NIST.
✅ Automated Scanning – AI-powered tools to detect known vulnerabilities efficiently.
✅ Next-Step Recommendations – Actionable insights to remediate security gaps and enhance protection.
Stay Ahead of Evolving Cyber Threats
Cybercriminals are constantly adapting. Is your business prepared? Proactive Risk offers Vulnerability Assessment Services tailored to your organization’s needs, whether it's a one-time security evaluation or continuous monitoring for long-term protection.
With AI-driven, self-service assessments via our AllSecure platform and in-depth manual assessments by security experts, we provide the insights you need to safeguard your business.
📞 Connect with our team today to strengthen your cybersecurity and mitigate risks effectively.
Get a comprehensive snapshot of your business’s security posture. Our experts will conduct a thorough evaluation of your IT systems, identifying potential weak points that a hacker could exploit. This service is ideal for businesses looking for an immediate, actionable plan to strengthen their defenses.
- In-depth report detailing vulnerabilities and their severity
- Recommendations for remediation to improve your security
Scoping Questions
External Penetration Testing
- Active Hosts/IPs: Please provide the approximate number of active hosts/IPs exposed to the internet across office, datacenter, and cloud infrastructure.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
- Security Controls: Are there any existing security controls (e.g., WAF, IDS/IPS) that we should be aware of?
Internal Penetration Testing
- Internal Environment Size: Please provide the approximate size of the internal environment across all offices, datacenters, and cloud infrastructure, including the number of network-connected systems (endpoints, servers, infrastructure). Approximate numbers are acceptable (e.g., 100, 250, 500, 2000).
- Number of Employees: How many employees are there in the organization?
- Testing Restrictions: Are there any day/time restrictions for the testing to be conducted?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Onsite Requirement: Our standard engagement is performed remotely via a supplied virtual machine or hardware. Please specify if onsite presence is a requirement for this project.
- Deadlines: Are there any specific deadlines for project execution and report delivery?
- Security Policies: Are there any internal security policies or procedures we should be aware of?
Social Engineering Campaign - Call for pricing
- User Count: Please provide the approximate number of users that would be part of the campaign(s).
- Campaign Types: Would you like to use multiple types of campaigns for different departments?
- Phone-Based Campaign: Would you like to include a phone-based social engineering campaign?
- Target Discovery: Would you like us to do target discovery, or will a target list be provided?
- Specific Scenarios: Are there any specific scenarios or high-value targets you want to focus on?
Web Application Assessment - Call for pricing
- Application Details: Please provide the name and, if available, the URL of the application.
- Functionality Description: Please provide a brief description of the application's core functionality, target users, and their capabilities.
- User Input Pages: Approximate number of user input pages.
- User Types: How many different user type profiles exist within the application (e.g., standard user, client admin, site admin)?
- Public APIs: Are there any publicly facing APIs? If so, can you provide API documentation? If documentation is not available, please provide an approximate number of API endpoints.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Source Code/Logs: Can access be provided to the application source code and/or logs? While not required, access to code and logs can improve coverage and accuracy of the assessment.
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Specific Standards: Does this application require an OWASP ASVS Cloud Application Security Assessment?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Mobile Application Assessment - Call for pricing
- Application Details: Please provide a brief description of the application's core functionality, target users, and their capabilities.
- User Types: How many different user type profiles exist within the application (e.g., standard user, client admin, site admin)?
- Public APIs: Please provide the documentation for the APIs the mobile app uses, if available, or otherwise the number of API endpoints.
- Mobile Platform: What is the mobile application platform (iOS and/or Android)?
- Certificate Pinning: Does the application use certificate pinning? If so, can a debug build be provided to allow for data transmission analysis?
- App Build: Can you provide an application build outside of the native app store (APK/IPA application file for Android and IPA build for x86 iOS simulator)?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Web Application Assessment with Mobile App - Call for pricing
- Application Details: Please provide the name and, if available, the URL of the application.
- Functionality Description: Please provide a brief description of the application's core functionality, target users, and their capabilities.
- User Input Pages: Approximate number of user input pages.
- User Types: How many different user type profiles exist within the application (e.g., standard user, client admin, site admin)?
- Public APIs: Are there any publicly facing APIs? If so, can you provide API documentation? If documentation is not available, please provide an approximate number of API endpoints.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Source Code/Logs: Can access be provided to the application source code and/or logs? While not required, access to code and logs can improve coverage and accuracy of the assessment.
- Mobile Platform: What is the mobile application platform (iOS and/or Android)?
- Certificate Pinning: Does the application use certificate pinning? If so, can a debug build be provided to allow for data transmission analysis?
- App Build: Can you provide an application build outside of the native app store (APK/IPA application file for Android and IPA build for x86 iOS simulator)?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
AWS Configuration Review - Call for pricing
- AWS Accounts: How many AWS accounts are in scope?
- Account Management: Are you using AWS Organizations (ORGs) or is there another way these accounts are centrally managed?
- EC2 Instances: Approximately how many EC2 instances within each tenant?
- IAM Roles: How many IAM roles exist across all accounts?
- VPCs: How many VPCs within each tenant?
- Custom IAM Roles: Approximately how many custom IAM roles are in scope?
- Public IPs: How many public-facing IPs are there?
- Serverless/API Services: Are you utilizing AWS API Gateway, Lambda, Cognito, ECS, or any other AWS "serverless"/API offering?
- RDS Instances: Are there any RDS instances (AWS managed database)?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Azure/Microsoft365 Configuration Review - Call for pricing
- Tenants: How many Azure/Microsoft365 tenants are in scope?
- Licenses: Please provide the type and approximate number of Azure/Microsoft licenses in use within each tenant.
- Infrastructure: Apart from Azure AD, is there any infrastructure in use within the Azure tenant? If so, please provide details.
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Wireless Assessment - Call for pricing
- Physical Locations: Provide a listing of all physical locations that are in scope for the wireless physical test. For each location, please include:
  - Address or city, state.
  - Type (office building, factory, campus, plant).
  - Approximate size in square feet, number of floors, etc.
  - Approximate number of employees at the location.
  - Number of SSIDs at the location.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
- Security Policies: Are there any internal security policies or procedures we should be aware of?
Proactive Risk provides comprehensive manual assessments alongside AI-driven, self-service assessments through our AllSecure platform. Connect with our team to explore how we can guide you on your journey toward effective risk mitigation.