Managed Vulnerability Scans
Driven and managed vulnerability scans meet your need for vulnerability detection on your perimeters of all sizes.
How do we perform vulnerability scans?
Definition of the perimeters to be scanned and the types of tests
Analysis and sorting of identified vulnerabilities
Manual verification to eliminate false positives and requalification of criticality
The identified vulnerabilities are qualified and the patches are integrated into an action plan, in French or English and in many formats.
We add our expertise to the results delivered by industry leaders to bring you clear, qualitative and contextualized results.
Our different types of scans
- Network scan
- Application scan
- PCI DSS ASV scan
Infrastructure scans verify system and network layers as well as software versions and configurations of exposed services.
Application scans provide in-depth analysis of web applications by testing pages, forms and user input against the OWASP repository. These scans can constitute a first control, complementary to the manual penetration tests if the pace of production of your applications is frequent.
PCI DSS ASV scan
XMCO also offers to perform the quarterly ASV (Approved Scanning Vendor) scans required for PCI DSS certification.
• Our teams verify the vulnerabilities identified and put them into context in order to determine which represent a potential non-compliance with the standard.
• If no proven non-compliance is identified, the results are submitted for certification. Our experts justify each of the non-conformities identified by the ASV scanner which turns out to be a false positive or which, put into context, does not represent any risk. Once the results of the scans have been validated and certified, we will issue the certificates to you.
• In the event of blocking non-compliance or vulnerability with a proven risk, we deliver each of the elements identified with detailed recommendations in order to allow their correction. We then carry out the counter-audit of the corrections made in order to obtain the certificate.