Due to recent discovery of the Linux BASH “Shellshock” vulnerability, Superior has introduced a limited-time, discounted testing service to evaluate your information technology infrastructure for vulnerability to this exploit, as well as the OpenSSL “Heartbleed” vulnerability discovered earlier in 2014. The Federal Financial Institutions Examinations Council (FFIEC) has released guidance addressing these vulnerabilities, which can be found at this link. We are presently offering two discounted options for organizations that desire to validate these vulnerabilities are not present in their environments or have been effectively remediated.
The first option is the performance of a vulnerability assessment targeting externally-accessible devices that we can access from the Internet without authenticating to your network. This service has been discounted to $795 for one off-site assessment. In addition, we will perform one follow-up test at no-charge in the event we determine either the Heartbleed or Shellshock vulnerability is present for devices scanned in the initial assessment.
The second option is an assessment of both externally-accessible devices as well as any designated internal devices (specified by IP address) that are present in a DMZ or within your internal network. This more expansive option has been discounted to $1,495 for one off-site assessment. As with our external assessment, we will perform any remediation testing at no cost in the event these vulnerabilities are discovered during our initial test.
As with our other penetration testing and vulnerability assessment services, these tests are non-exploitative in nature and we will not attempt to utilize these vulnerabilities, if discovered, to gain access to other privileged systems or make a definitive determination that exploitation of the vulnerability could lead to exposure of sensitive data.
This advertisement represents an ‘invitation to treat’ and any acceptance of the advertised terms will not be considered a binding contract, which requires the written execution of an engagement letter with Superior Consulting, LLC. This engagement letter includes additional restrictions and limitations regarding the advertised service and must be executed before the commencement of these services. The terms stated above, as well as through any mailings, brochures, or electronic advertisements, may be amended, or this advertisement may be revoked or cancelled, at any time by Superior Consulting, LLC, with or without notice.
As advertised above, the stated service fee will cover the performance of external, off-site penetration testing services for up to 25 individual external Internet Protocol (IP) addresses or nodes and/or 100 individual internal IP addresses specified by the client (based on the selected service offering). This testing will be conducted using automated tools of our choice and we will rely upon information provided to us by the client in the performance of this test. At the conclusion of our testing, we will issue a report to the client in electronic format via secure e-mail or our secure website.
The terms advertised above are only available to formally organized business or non-profit entities located in the United States. Entities located outside the United States should contact us for further information regarding these services.