Vulnerability Assessment

We maintain a commercial license of Nessus, and also use Ghidra, an open software reverse engineering (SRE) framework created and maintained by the National Security Agency (NSA) Research Directorate. Once software products and libraries are identified, they will be matched with the Common Product Enumeration (CPE) product names disclosed in the National Vulnerability Database (NVD). Through this process we will assess products to examine if they include any known vulnerability (CVE). For cases that we have access to the actual source code, we will use a set of tools from the Open Worldwide Assplication Security Project (OWASP) community to assess and review the security of each product. Examples of tools that we have previously worked with are OWASP Zap and OWASP Dependency-Check.

ESL Global Cybersecurity Institute

Our state-of-the-art Cyber Range and Training Center, located at the ESL Global Cybersecurity Institute on RIT’s campus in Rochester, NY. It is capable of hosting more than 5,000 virtual machines simultaneously in immersive scenarios, enabling Executive Incident Response Training, Threat Intelligence and Emulation Training, and more.

Within this infrastructure, we are able to introduce threat intelligence systems in scale replicas of any massive, global business, with specific focus on healthcare, energy, and finance. The Cyber Range and Training Center provides alternate reality instructional vignettes for cohorts of corporate leaders and IT security professionals to experiment and learn, facilitating research opportunities in the most critical of industries.