Configuration verification and identification of potential server-side errors
The aim of such tests is to verify the correctness of security mechanisms configuration in the infrastructure, including network devices, servers, storage arrays, operating systems, network services, and server applications such as application servers or databases.
The results of automated tests conducted in a given environment are precisely analyzed by the testing team. This process relies on searching known vulnerability databases such as NVD, CVEDetails, Exploit-DB, NullByte, and other online resources. Its goal is to identify potential security gaps in the identified and verified versions of applications. The obtained results are then thoroughly analyzed in the context of preparing attack simulations.