Frequently Asked Questions

What services do you offer?

We currently offer the following services:
– Operating system scanning
– Layer-3 infrastructure device scanning
– Database scanning
– Non-production web application scanning
– Static code scanning
– Cloud container continuous monitoring
– Penetration testing

Why do you need credentials?

In order to perform a vulnerability or compliance scan, we require credentials with administrative permissions.  To facilitate this, you must provide us with one of the following:

– For operating system scans
  — Either, an Active Directory domain account that has been verified as active
  — Or, a dedicated scanning account with administrative privileges AND the associated password

– For database scans
  > Operating system
    — Either, an Active Directory domain account that has been verified as active
    — Or, a dedicated scanning account with administrative privileges AND the associated password

  > Database
    — A dedicated scanning account with administrative privileges AND the associated password

– For web application scans
  — Either, an Active Directory domain account that has been verified as active
  — Or, a dedicated scanning account with administrative privileges AND the associated password
  — Or, explicit confirmation that no credentials are required to access the application

What scanning tools and applications do you use?

For operating system scans we use Tenable Nessus

For database scans we use Trustwave DbProtect

For web application scans we use Micro Focus WebInspect

For static code scanning we use Micro Focus Fortify-on-Demand

For cloud continuous monitoring we use AquaSec

How long does it take to complete a scan?

The time necessary to complete the scan depends on several factors, including the type of scan performed and the number of assets to be scanned.

Single-server operating system scans can sometimes be completed in less than a few days, while web application scans for very large sites can take several weeks to complete.

It is recommended that you wait at least 5 business days from the date of a reoccurring scan before requesting a status update.

How do I obtain my scan results/report?

Once your scan has been completed, AIS-320 will hand off your report to the AIS-210 team. The AIS-210 team will in turn reach out to you with your completed report.