The Full FrimScan
Running a Full FrimScan on your WordPress website includes:
​
Here's an inventory of what you get when you order The Full Frimscan pentest for your Wordpress website.
​
FrimDawg and FrimCat:
Out team will use our in-house tools to complete major aspects of the vulnerability scan and penetration test that other tools miss.
-
FrimCat: Our in-house active detection (Aggressive Detection) tool finds problematic defaults and common misconfigurations that are leftover from the initial installation of the Wordpress. Using trade secrets, FrimCat is able to sneak past the most advanced firewalls, IDS and IPS without being detected. Additionally, some quasi-illegal features of other Wordpress scanners have been reverse engineered and nerfed to provide valuable data without breaking any laws whatsoever.
-
FrimDawg: Our in house Google Dorking tool that uses advanced Google searches to rapidly find dangerous information that your Wordpress site is openly making available to anyone with access to Google.
​
NMAP:
A common network mapping tool on Kali Linux. Our team will scan all ports in your network to see which ones are open, and use all known scripts to find all known vulnerabilities. The NMAP scan is important for making sure that there aren't any neglected backdoors or forgotten ports left open.
​
This Kali Linux tool looks for weaknesses in the hosting and servers that are hosting your Wordpress site, and checks to make sure all servers and dependencies are up-to-date and that no security gaps exist on the infrastructure side of things.
​
A comprehensive Wordpress scanning tool on Kali Linux that checks all plugins and CMS components to make sure they are not vulnerable to known exploits.
​
Other Kali Linux tools:
Our team may need to use other tools to complete the scan. These include Gobuster or Ffuf for finding subdomains and subfolders, Cewl for building lists of risky words to avoid using in passwords and folder names, and SQLmap for database mapping and SQL injections. We also may use Burp Suite or Nuclei for certain actions that the other tools are not able to carry out.
​
Configuration Checkup:
We'll have a look at some important Wordpress configurations and help you fix any misconfigurations or errors, making sure that there isn't a security risk that can easily be mitigated.​
​
Remediation Checklist:
Once the scan is completed, Frimscan provides a clear and concise spreadsheet with all the items that need to be fixed on your Wordpress website. We'll also explain why each of the items poses a risk, and a few common ways to fix each problem.
​
Concise Pentest Reports:
Frimscan delivers concise pentesting reports that serve their function at all levels on an organizations. This includes an executive summary for the c-suites, colorful charts and graphs for the Information Security team to help quantify and prioritize the threats, and a crude spreadsheet list for the webdev team to use in planning the work to be done for fixing all the issues.
Frimscan understands that there is no value in finding issues that won't be fixed, so we endeavor to provide accurate reports that help the decision making process of fixing the issues.
Follow up scans:
The above process is repeated as many times as needed until we find no more issues to fix. We provide as many scans that you require for a period of up to 12 months from the initial scan. If you redo your website within that 12-month period, then we'll include full guidance (at no extra charge) on how to build the most secure Wordpress website from the start.
​
Resiliency Planning and Incident Response:
Frimscan also provides guidance to help you in setting up robust backups of the entire Wordpress website. This way, if anything unexpected happens, you can fully restore your website with minimal downtime.
​
Additionally, we'll help you build an incident response plan, so that if something happens, your team is familiar with what to do next.
​
Bottom Line:
The most important value that Frimscan delivers is that your WordPress website will be very secure and heavily protected against a full range of cyber threats, and will be resilient against new and emerging threats.
​