CATSCAN: Comprehensive Assessment Tool for Security and Cybersecurity Analysis
C – Comprehensive Evaluation: Conduct a thorough assessment of the entire IT infrastructure, including networks, applications, and systems, to identify potential vulnerabilities.
A – Active Testing: Implement active penetration testing techniques to simulate real-world attacks, assessing the effectiveness of security measures in place.
T – Threat Modeling: Identify and categorize potential threats based on the specific assets and vulnerabilities discovered during the assessment.
S – Security Controls Analysis: Evaluate existing security controls and policies to determine their effectiveness against identified vulnerabilities.
C – Compliance Checks: Ensure that all systems and practices meet relevant industry standards and regulatory compliance requirements (e.g., GDPR, PCI DSS).
A – Automated Scanning: Utilize automated tools to quickly scan for known vulnerabilities, ensuring a thorough baseline assessment before deeper testing.
N – Next Steps Recommendations: Provide actionable insights and remediation strategies to address the vulnerabilities found, helping organizations strengthen their security posture.
Identify bugs, flaws, and system misconfigurations
Cyber threats are constantly evolving, and your business needs to stay ahead of the curve. At Proactive Risk, we offer Vulnerability Assessment Services tailored to your company's size and scope. Whether you're looking for a one-time evaluation or continuous monitoring, we provide the insights you need to protect your business from criminal hackers.
Proactive Risk provides comprehensive manual assessments alongside AI-driven, self-service assessments through our AllSecure platform. Connect with our team to explore how we can guide you on your journey toward effective risk mitigation.
Continuous Vulnerability Assessments
Cybersecurity is not a one-time task. With our continuous vulnerability assessments, you get ongoing protection. We scan, assess, and report on your vulnerabilities every month, ensuring you’re always aware of your exposure to cyber threats. This proactive approach helps prevent attacks before they happen, giving you peace of mind that your business is always secure.
- Monthly assessments and updates on new vulnerabilities
- Ongoing support to address emerging threats
- Ideal for medium to large enterprises or businesses with complex IT infrastructures
Why Choose Proactive Risk?
- Tailored solutions for businesses of all sizes
- Expert cybersecurity team with years of experience
- Flexible service offerings—one-time or continuous protection
Your business can’t afford to be vulnerable. Let us help you protect it.
Scoping Questions
External Penetration Testing
- Active Hosts/IPs: Please provide the approximate number of active hosts/IPs exposed to the internet across office, datacenter, and cloud infrastructure.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
- Security Controls: Are there any existing security controls (e.g., WAF, IDS/IPS) that we should be aware of?
Internal Penetration Testing
- Internal Environment Size: Please provide the approximate size of the internal environment across all offices, datacenters, and cloud infrastructure, including the number of network-connected systems (endpoints, servers, infrastructure). Approximate numbers are acceptable (e.g., 100, 250, 500, 2000).
- Number of Employees: How many employees are there in the organization?
- Testing Restrictions: Are there any day/time restrictions for the testing to be conducted?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Onsite Requirement: Our standard engagement is performed remotely via a supplied virtual machine or hardware. Please specify if onsite presence is a requirement for this project.
- Deadlines: Are there any specific deadlines for project execution and report delivery?
- Security Policies: Are there any internal security policies or procedures we should be aware of?
Social Engineering Campaign - Call for pricing
- User Count: Please provide the approximate number of users that would be part of the campaign(s).
- Campaign Types: Would you like to use multiple types of campaigns for different departments?
- Phone-Based Campaign: Would you like to include a phone-based social engineering campaign?
- Target Discovery: Would you like us to do target discovery, or will a target list be provided?
- Specific Scenarios: Are there any specific scenarios or high-value targets you want to focus on?
Web Application Assessment - Call for pricing
- Application Details: Please provide the name and, if available, the URL of the application.
- Functionality Description: Please provide a brief description of the application's core functionality, target users, and their capabilities.
- User Input Pages: Approximate number of user input pages.
- User Types: How many different user type profiles exist within the application (e.g., standard user, client admin, site admin)?
- Public APIs: Are there any publicly facing APIs? If so, can you provide API documentation? If documentation is not available, please provide an approximate number of API endpoints.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Source Code/Logs: Can access be provided to the application source code and/or logs? While not required, access to code and logs can improve coverage and accuracy of the assessment.
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Specific Standards: Does this application require an OWASP ASVS Cloud Application Security Assessment?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Mobile Application Assessment - Call for pricing
- Application Details: Please provide a brief description of the application's core functionality, target users, and their capabilities.
- User Types: How many different user type profiles exist within the application (e.g., standard user, client admin, site admin)?
- Public APIs: Please provide the documentation for the APIs the mobile app uses, if available, or otherwise the number of API endpoints.
- Mobile Platform: What is the mobile application platform (iOS and/or Android)?
- Certificate Pinning: Does the application use certificate pinning? If so, can a debug build be provided to allow for data transmission analysis?
- App Build: Can you provide an application build outside of the native app store (APK/IPA application file for Android and IPA build for x86 iOS simulator)?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
Web Application Assessment with Mobile App - Call for pricing
- Application Details: Please provide the name and, if available, the URL of the application.
- Functionality Description: Please provide a brief description of the application's core functionality, target users, and their capabilities.
- User Input Pages: Approximate number of user input pages.
- User Types: How many different user type profiles exist within the application (e.g., standard user, client admin, site admin)?
- Public APIs: Are there any publicly facing APIs? If so, can you provide API documentation? If documentation is not available, please provide an approximate number of API endpoints.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Source Code/Logs: Can access be provided to the application source code and/or logs? While not required, access to code and logs can improve coverage and accuracy of the assessment.
- Mobile Platform: What is the mobile application platform (iOS and/or Android)?
- Certificate Pinning: Does the application use certificate pinning? If so, can a debug build be provided to allow for data transmission analysis?
- App Build: Can you provide an application build outside of the native app store (APK/IPA application file for Android and IPA build for x86 iOS simulator)?
- Reporting Requirements: We normally provide a single report with an executive summary, technical details, and third-party attestation. Do you have any additional reporting requirements for this project?
- Deadlines: Are there any specific deadlines for project execution and report delivery?
AWS Configuration Review - Call for pricing
- AWS Accounts: How many AWS accounts are in scope?
- Account Management: Are you using AWS Organizations (ORGs) or is there another way these accounts are centrally managed?
- EC2 Instances: Approximately how many EC2 instances are there within each tenant?
- IAM Roles: How many IAM roles exist across all accounts?
- VPCs: How many VPCs are there within each tenant?
- Custom IAM Roles: Approximately how many custom IAM roles are in scope?
- Public IPs: How many public-facing IPs are there?
- Serverless/API Services: Are you utilizing AWS API Gateway, Lambda, Cognito, ECS, or any other AWS "serverless"/API offering?
- RDS Instances: Are there any RDS instances (AWS managed database)?
- Reporting Requirements: Are there any specific deadlines for project execution and report delivery?
Azure/Microsoft365 Configuration Review - Call for pricing
- Tenants: How many Azure/Microsoft365 tenants are in scope?
- Licenses: Please provide the type and approximate number of Azure/Microsoft licenses in use within each tenant.
- Infrastructure: Apart from Azure AD, is there any infrastructure in use within the Azure tenant? If so, please provide details.
- Reporting Requirements: Are there any specific deadlines for project execution and report delivery?
Wireless Assessment - Call for pricing
- Physical Locations: Provide a listing of all physical locations that are in scope for the wireless physical test. For each location, please include:
  - Address or city, state.
  - Type (office building, factory, campus, plant).
  - Approximate size in square feet, number of floors, etc.
  - Approximate number of employees at the location.
  - Number of SSIDs at the location.
- Testing Restrictions: Are there any day/time restrictions for the testing?
- Reporting Requirements: Are there any specific deadlines for project execution and report delivery?
- Security Policies: Are there any internal security policies or procedures we should be aware of?