Any security professional have his own way and tools to conduct vulnerability assessment , the problem that we have when using different security assessment tools that utilities produce several reports with different results.
This is not the only problem another important point is that these tools are expensive to purchase and depending on situation you may require it for just one time during the implementation and next time you will run a scan next year according to customer service level agreement.
COREvidence is a new project that comes to solve these issues and more, this is the First SaaS Security Solutions released and presented at Black Hat USA. The solution integrates a bunch of popular security scanners to conduct the following:
- Network scanning and discovering all devices and systems with multiple scanning engine.
- Web application and services scanning.
- Regulatory & Standards Pre-Defined Scanning Templates.
- Penetration Testing and Ethical Hacking On-Demand Toolkit
- VoIP Remote Security Scanner.
- Technical and Organizational Self-Assessment Questionaries’ (NIST, CIS, ISO27001, PCI DSS …)
- Frontal Resources Performance, Security and Malware Monitoring Tools.
- Tools (Open Source & Commercial) Scans & Probes Import Capabilities.
- IT Vulnerability and Tools Watch Service.
First of all you start by creating an account and you will have the opportunity to add an asset that you are looking to scan, on the right side of the dashboard your balance and it will display 0 if you did not charge it.
Next you create new session and here you find the services provided by COREvidence including web application assessment, vulnerability assessment, VoIP Security assessment , Web Malware monitoring and website monitoring. You add an asset and start your job.
After you need to select the policy to use here you have three options normal, moderate and intrusive this will be depending on the target so if you know that they have an IPS to block connection you need to start by the normal and from the dashboard you can also schedule your scan so you can have it on a daily, weekly, monthly or even annually based.
I have launched a Web Application Assessment for test and the report listed all discovered vulnerabilities with description, Risk, Impact and Solution. Also it will be possible to check the global view with Web vulnerability coverage if you are looking for a constant monitoring option.
If you are looking for a fast and easy to use scanner you need to consider COREvidence with no purchasing license, no installing or complicated application, no updating as the service use by default latest definition and you will be able to use several scanners to detect vulnerabilities in different systems (Windows, Mac OS, Linux), including installed on virtual machines, protocols and Applications.