Below is a brief listing of the tools we offer with a one-time license. For a complete list that includes pricing, please consider subscribing to scGRC.com

• Network Device Configuration Analysis – a comprehensive analysis of a core switch or firewall configuration.
  • Technical review of each setting/configuration
  • Full analysis of each rule.
  • Analysis of risks permitted by existing rules
  • Policy configuration assessment
  • Routing configuration assessment
  • Network settings
  • Assessment of each rule based on named source, service, destination

• Database Security Assessment – a comprehensive assessment of a database’s security posture.
  • Known database-specific vulnerabilities
  • Database system configuration
  • Privilege Management
  • Object Permissions
  • Access Controls
  • Database and Application Integrity
  • Database patch management
  • Identification and password controls
  • Host operating system integrity

• Web-Application Assessment – a comprehensive unauthenticated and authenticated analysis of web-application-specific vulnerabilities. The assessment will cover risks in the following categories.

  ·Cross-site Scripting ·SQL Injection	·PHP File Include ·Parameter Deletion	·Buffer Overflow ·Format String	·Microsoft CGI Attacks ·CGI Attacks
  ·Remote Execution ·Directory/File Traversal ·CRLF Injection	·Special Parameter Addition ·Boolean Parameter Tampering ·Blind SQL Injection	·Integer Overflow ·Information Exposure ·Generic HTTP Attacks	·Microsoft IIS Attacks ·Common HTTP Device Attacks

   

• Directory Services Analysis – a complete analysis of Active Directory.  The report provides detailed findings regarding user provisioning, best practice standards, and current settings. 
  • Domain Structure
  • Domain Accounts Policy          
  • Domain Controller Policy Settings (Local Policy)
  • Audit Policy Settings  
  • Event log Settings       
  • Security Option Settings            
  • Group Policy Objects 
  • Password Setting Objects (PSOs)             
  • User Accounts Defined In The Domain 
  • Groups Defined In the Domain               
  • Domain Local Groups and their Members            
  • Domain Global Groups and their Members          
  • Last Logons, 30 Days and Older             
  • 30 Days and Older     
  • Passwords that Never Expire    
  • Accounts not Requiring a Password       
  • Invalid Logon Attempts Greater than 3
  • Users not Allowed to Change Passwords               
  • Accounts with Expiry Date       
  • Rights and Privileges  
  • Descriptions & General Recommendations for Rights        
  • Server Roles and Features        
  • Security Updates, Patches and Hot-Fixes              
  • Current Network Connections 
  • Network Shares           
  • File Permissions and Auditing

Vulnerability Assessment – a technical report of the risks associated with systems assessed for known vulnerabilities.