Instrumental verification of e-government informatization objects for vulnerabilities

Instrumental verification of e-government informatization objects for vulnerabilities includes analysis of the source code and scanning of GO information systems to search for vulnerabilities.

1. Analysis of the source code to identify software errors that could allow information security threats to be realized includes:

• checking the provided source code with a source code analyzer;

• analysis of identified vulnerabilities for false positives;

• preparing and issuing recommendations for eliminating the identified vulnerabilities.

2. Scanning of GO information systems using specialized software to search for vulnerabilities in penetration testing, audit, and compliance control modes. Based on the results of the scan, recommendations are issued for eliminating the identified vulnerabilities.

1) Penetration testing includes:

• searching for vulnerabilities using vulnerability databases;

• checking password protection;

• “fuzzing” (transmitting random data instead of the data expected by the system);

• “brute force” (guessing passwords by the “brute force” method, also known as exhaustive search).

2) The audit includes:

• update control;

• inventory check;

• gathering additional information about the system;

• collecting configuration parameters;

• detection of configuration errors.

3) Compliance control mode includes:

• checking for compliance with the requirements of standards.