Vulnerability and Penetration Testing Services
Concero partners with industry-leaders in the IT security industry to offer vulnerability testing. This service enables you to accurately find and help resolve the most critical web application vulnerabilities, including: SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and URL redirection. These vulnerability tests are required to comply with a wide range of regulatory mandates (PCI DSS, SOX, HIPAA, GLBA, etc.) and are typically scheduled to be performed quarterly and after major code or system configuration changes. You can be sent the results of the test directly or you can have our Security Team review the results and provide you with the report and, if necessary, investigate and suggested steps to remediate any security issues that are identified.
Penetration testing takes the vulnerability test to the next level. It will not only identify a possible vulnerability, it will attempt to exploit it and escalate privileges to gain control of the system. Automated tools are used in both the exploration and exploitation phases of a penetration test. However, a key differentiator between penetration testers is their ability to perform manual exploits of the system. We will permit Penetration Testing by a third-party under certain conditions and with our written approval. We do not support “Black Hat” type penetration testing. It is a violation of our terms of services to attempt to hack our technology, people and processes without our written approval. Also, we do not allow some forms of “White Hat” penetration testing which requires information about our underlying hosting infrastructure or processes be provided to the tester.