Security Testing

RESCOR first performed a penetration test in 1994. Since then, RESCOR has performed thousands of tests for hundreds of customers, from small businesses to the world's largest companies. Every test is reported using STORM quantitative risk measurement.

Vulnerability Scanning

RESCOR conducts intelligence gathering (discovery) and automated scanning of the scoped systems. Our security experts use scan results as the basis for comprehensive research and analysis — not as the final deliverable. Many firms simply provide an annotated report of automated scan findings. RESCOR's expert research reduces nuisance findings and false positives while identifying vulnerabilities that automated tools miss.

Penetration Testing

RESCOR performs a vulnerability scan, then uses a combination of automated tools and human expertise to attempt to gain unauthorized access to the scoped systems. Penetration testing significantly reduces false positive findings. Because a penetration test has more permissive rules of engagement, RESCOR often identifies vulnerabilities that are not detected by a vulnerability scan alone.

Application Testing

Application testing provides assurance that your applications — especially web applications and APIs — are secure. RESCOR uses automated tools combined with decades of programming expertise to analyze applications for security flaws including parameter and boundary checking errors, excessive privileges, SQL injection, cross-site scripting (XSS), authentication bypass, insecure deserialization, and other OWASP Top 10 vulnerabilities.

Configuration Analysis

RESCOR analyzes the actual configuration of selected systems and networks as a trusted insider (sometimes referred to as a Network Architecture Review). Configuration analysis identifies problems that are not apparent from external testing, and is the only way to categorically disprove the existence of certain vulnerabilities. This includes cloud configuration review for AWS, Azure, and GCP environments.

Social Engineering

RESCOR uses phone, email, web, and on-site covert research and subversive access attempts (pretexting) to test the strength of your policies, staff training, and technical controls. Social engineering identifies failures in security awareness and information handling practices that may allow an attacker to obtain valuable information from unsuspecting or uninformed employees.

Why RESCOR Testing Is Different

Expert Research
Our expert research and analysis identifies 20-50% more critical vulnerabilities than automated tools alone. Automated scanners are the starting point, not the deliverable.
Quantitative Reporting
All results are reported using STORM quantitative risk measurement — consistent across all test types, immediately understandable to all audiences from the Board to technical staff.
Service After the Test
RESCOR provides post-remediation report updates at no additional charge. When you fix the findings, we update the report to reflect your improved posture.
Programming Expertise
Our testing team has decades of software engineering experience across all major platforms and languages. We find vulnerabilities that testers without development backgrounds miss.
Experience
More experience than most organizations — including those much larger than RESCOR. Thousands of tests since 1994 across every industry and platform.

Security testing is one component of a comprehensive SGRC program. Learn about RAPID — RESCOR's methodology for building and maintaining complete security programs — and StrongCOR subscription engagements that include scheduled testing along with governance, risk management, and compliance support.

What the Data Shows

Across more than a decade of security testing, two patterns emerge. Internal networks consistently measure higher vulnerability exposure than Internet-facing surfaces, and the annual mean for both horizons trends downward as client programs mature under STORM measurement and RAPID-paced remediation. The charts below draw from the full RESCOR testing database and include every assessment conducted since 2012.

Note on what these charts measure: a security test produces a vulnerability exposure score (RSK/VM), not a risk measurement. Exposure is an indicator of risk, not risk itself — risk requires the asset and threat context that a STORM/RM assessment adds. These charts therefore show exposure trends and distributions, not risk trends. All values are scaled to a 0–100 range for comparability across test scopes.

Annual Mean by Horizon

Figure — Annual mean aggregate vulnerability exposure by horizon, 2012–2025. Each year's mean and interquartile range are computed across every client assessment recorded in that year — typically a dozen or more tests drawn from across the RESCOR client base, not a single client. Missing years connect directly to the next available year.

Measurement Distribution

Figure — Distribution of every scaled vulnerability-exposure measurement in the RESCOR testing database, binned every 10 units. Internet-facing measurements cluster in the lower half of the range; Internal measurements cluster in the upper half — the typical finding across industries.