Scope of Services
According to the number of specific objects to be evaluated (according to the above test list)
Outcomes
The results report includes the following contents:
- Overview of purpose and scope of implementation
- Summary of approach, method of implementation
- Summarize the results of found vulnerabilities, danger levels
- For each vulnerability: level of danger (critical, high, medium, low) /CVSS score, detailed description of the vulnerability, reference link, location/parameter with gaps in the system, analysis of exploitable capabilities from inside/outside the internet, proof of exploitation of errors (PoC), steps to reproduce the exploitation of errors…
- Remedies for each gap:
• Detailed troubleshooting instructions: according to each vulnerability listed corresponding to the list of systems in scope, instructions on repairing application code to fix, instructions on configuring the system to fix, download links of vulnerability patches, etc.
• Provide a risk mitigation plan or a temporary treatment plan for vulnerabilities that cannot be completely remedied.