Things included in a security analysis
External perimeter security analysis
Scanning of available resources and searching for vulnerabilities in the operating system and network infrastructure
Web application security analysis
Verifying the attacker’s ability to gain access to web application components and sensitive information
Internal network security analysis
Inspecting the internal corporate network, employee personal computers, servers, and network devices
Social engineering
Assessing employees’ awareness of information security issues and their actions