Best results from

different approaches

Very different results can be obtained depending on which standards, approaches and methodologies are used during vulnerability discovery. We use the latest standards and methodologies for clients who want secure systems and want to fix cyber security vulnerabilities.

OWASP

The OWASP (Open Web Application Security Project) Testing Guide is a comprehensive manual for web application security testing.

NIST

The National Institute of Standards and Technology (NIST) provides a comprehensive guide for conducting information security assessments.

PTES

PTES (Penetration Testing Execution Standard) is a set of guidelines and technical resources for conducting penetration tests.

ISSAF

ISSAF is a framework developed by the Open Information Systems Security Group (OISSG). It is designed for auditing, penetration testing, and security testing.

OSSTMM

OSSTMM (Open Source Security Testing Methodology Manual) is a peer-reviewed methodology for performing different types of penetration tests.

CREST

CREST (Council of Registered Ethical Security Testers) provides standards and a code of conduct for penetration testers. We also follow CHECK standards.

Using severities

to see risks of bugs

Considering the long- and short-term effects of the vulnerabilities identified during Wiseep scans, it is very important to report them with the correct priorities. The priorities used by Wiseep and their details are as follows.

Critical

These are vulnerabilities representing the most serious security concerns in terms of the combination of likelihood and impact. They should be addressed urgently.

High

These are vulnerabilities representing a high security concern in terms of the combination of likelihood and impact. They should be addressed urgently.

Medium

These are vulnerabilities representing significant security concerns. Whilst Critical and High vulnerabilities should be prioritised, it remains important to address these.

Low

These are vulnerabilities representing weaknesses with limited risk. It is recommended that these issues are remediated, but the risk can be accepted.

CATEGORIZATION OF

Vulnerability types?

To facilitate the understanding and tracking of security vulnerabilities, we categorize them into various groups. This structured approach allows us to systematically identify, assess, and address potential threats. The security vulnerability categories we use at Wiseep are designed to cover a wide range of potential issues. These categories help our team prioritize and manage vulnerabilities effectively, enhancing our overall security posture.

Information Leakage
Configuration Management
Deployment Management
Identity Management
Denial of Service Issues
Authentication
Authorisation
Session Management
Input Validation
Client-Side Handling
Error Handling
Business Logic
Lack of Update
Upgrade Issues
3rd Party Issues

CATEGORIZATION OF

Root Cause of bugs?

To facilitate the understanding and tracking of security vulnerabilities, we categorize them into various groups. This structured approach allows us to systematically identify, assess, and address potential threats.

Developer Awareness
Admin Awareness
Insufficient Investment
Policy Decision
Process Failure
Insufficient Resource
3rd Party Management
Staff Awareness
Lack of Architecture