Vanguard Brand Protection - Managed Service FAQ
- How do I sign up for the managed remote web application security testing service?
- Can I request web application audits without signing up to the Managed Service?
- What tools do you use for your managed remote web application security testing service?
- How much does the Brand Protection Managed Service Cost?
- What security does Brand Protection provide to access the Customer Secure Area?
- What is the relationship between Brand Protection and Vanguard Technologies?
How do I sign up for the Brand Protection Web Application Security testing services?
The first step is to contact Vanguard Technologies by either contacting one of our partners or phoning our London office. Having registered your interest, one of our account managers will make an appointment to see you to determine your requirements.
Initial Discovery Meeting
During this initial meeting we will seek to determine your objectives in order that we can determine the best way to integrate our services into your IT or Security Strategy. For example, we need to know if you are seeking to implement testing throughout the development lifecycle of your web applications or just testing your production web sites. The features and benefits of the different levels of our managed service will be outlined.
Technical Evaluation
A technical meeting will then be arranged with your technical staff. At this meeting further information will be gathered, such as the number of web sites to be tested, the domains/URLs to be included and the identification of links that should be excluded from testing (such as links to external sites). Based on our technical evaluation of your requirements, together with your strategic objectives and budgetary constraints, we will make recommendations as to the Managed Service Level most appropriate for you.
Development of Security Test Scripts
Once we have agreed on the best Managed Service Level for your needs, one of our web security test consultants will meet with your technical and business teams to generate the required test scenarios, including test account names and passwords. Typically these test scenarios will reflect expected and unauthorised behaviour at different stages during the execution of each web application. All required data for interactive forms will be determined at this stage.
The test data, together with any associated scripts will be hosted on the Customer Secure Area within Vanguard Technologies Operations Centre website.
Control using the Customer Secure Area
Once the test data is located on your Secure Area of our Operations Audit Server you will be able to access the server on demand to request a remote security audit of any one, or all, of the web servers that have been registered against a given Service Level. Depending on the Service Level agreed, between 4 and 48 hours' notice will be required to initiate a remote audit.
Access to your Secure Area will be over the Internet, using an encrypted SSL connection. Since you will be using HTTPS protocols to connect to our server, this should not require any firewall configuration changes.
The Brand Protection Web Security Testing Process
During the remote web security test process the following steps will be undertaken:
1. Crawl Stage
During this stage the test engine will crawl all over the web site(s) being tested discovering all the relevant links and recognising the application security policy.
2. Analysis Stage
During the analysis stage the test engine, using an Expert System, identifies known/unknown vulnerabilities specific to the sites being tested. After identifying the vulnerabilities the test engine, again using the Expert System, generates mutated links that will be used in the Attack Stage. The Expert System contains a complete knowledge base of vulnerabilities and known hacking techniques.
3. Attack Stage
During the attack stage, according to the test script generated, different types of attack will be initiated automatically against the web site under test. Additional manual tests may be conducted depending on the Service Level Agreement. The test engine sends the mutated links to the web site under test and reports the attack results by severity and success rating.
4. Reporting Stage
Customer reports are generated and will include advice and recommendations for fixing each vulnerability. These vulnerabilities will be placed on each Customer Secure area on our Secure Server, awaiting access by the customer.
Depending on the Service Level selected, you can request any number of application tests, access your Secure Area to change parameters, or read test reports. Customers will be able to invite Vanguard consultants to come on site to help them understand the test reports and schedule report recommendations. Vanguard consultants will also be available for telephone consultations.
What tools are used to power Brand Protection Managed Web Application Managed Services?
Vanguard uses the leading Web Application Scanning tool kits available within the market place to power its remote web application security testing services. However, we are continually evaluating other tools for use in Web Application Security Testing.
Can I request web application audits without signing up to Brand Protection Managed Service?
Yes. We expect many of our customers to request on-site or remote application audits without signing up to the Managed Service. In fact many of our customers who request single web application audits eventually go on to sign up to our Managed Service.
How much does the Vanguard Brand Protection Managed Service cost?
Vanguard Brand Protection managed service costs depend on the number of web sites to be tested, the site complexity and the service level required. There are substantial discounts for the bulk purchase of test burns. Contact your account manager for further details.
What security does Brand Protection provide to access the Customer Secure Area?
Our customers connect to their Secure Area over the Internet from their browser using an SSL link. Customers need to authenticate themselves using user name, password and a client certificate that is issued by Vanguard. For further information see our Security and Privacy policies.
What is the relationship between Vanguard Brand Protection and Vanguard Technologies?
Vanguard Brand Protection Managed Service is a service of Vanguard Technologies Limited. Vanguard Technologies Limited is a private company registered in Ireland with offices in Dublin and London.