FAQ
What is a CVE?
A CVE (Common Vulnerabilities and Exposures) is a unique identifier assigned to a known security flaw (e.g. CVE-2024-12345). The system, maintained by the MITRE Corporation, lets security professionals everywhere refer to the same vulnerability by the same name. In 2025, more than 48,000 new CVEs were published (+20% vs 2024).
What is a network audit?
It is a diagnostic assessment of the architecture and configurations of your infrastructure (routers, firewalls, switches, etc.) to identify potential security vulnerabilities or bottlenecks.
What is a network security audit?
A network security audit is a systematic assessment of a company's IT infrastructure: device mapping, traffic analysis, verification of firewall rules, remote access (VPN) and network segmentation. It is carried out in accordance with ISO 27002 and NIST CSF standards and produces a vulnerability report classified by criticality with a prioritised action plan. At Bexxo, our audits cover 10 to 20 control points depending on the chosen package.
What is a network security audit?
A network security audit is a systematic assessment of a company's IT infrastructure: active equipment (routers, switches, firewalls), segmentation, communication protocols, access management and encryption levels. At Bexxo, our audits reveal on average 3 to 5 critical vulnerabilities per SME infrastructure.
What is a penetration test (pentest)?
A penetration test, or pentest, is a security assessment that involves simulating a real attack on a computer system, network, or application in order to identify exploitable vulnerabilities. The goal is to detect weaknesses before an attacker discovers them, and to provide concrete recommendations to strengthen security.
Unlike purely documentary audits, a pentest relies on offensive techniques similar to those used by hackers. It may include exploiting software flaws, compromising accounts, or bypassing firewalls. It is often performed in addition to an automated scan to assess not only the presence of vulnerabilities, but also their actual exploitability in the target context.
What is a web cybersecurity audit?
A web audit is an in-depth analysis of the vulnerabilities of a website or online application, covering penetration testing, source code review, review of server configurations, etc.
What is a web security audit?
A web security audit is a methodical assessment of a website designed to identify exploitable vulnerabilities (SQL injections, XSS, CSRF, misconfigurations) and verify compliance with ISO 27001 and NIST CSF standards. At Bexxo, our audits cover 10 to 20 control points depending on the chosen package.
What is a website security audit?
A website security audit is a methodical examination of a website's vulnerabilities: application flaws (OWASP Top 10), SSL/TLS configuration, HTTP security headers, access management and compliance with ISO 27002 and NIST CSF standards. It produces a report with a list of flaws classified by criticality and a prioritised action plan. At Bexxo, our audits cover 10 to 20 control points depending on the chosen package.
What is cybersecurity consulting?
Cybersecurity consulting is a strategic support service provided by external experts designed to assess an organisation's risks, define an appropriate security policy and oversee its implementation. At Bexxo, our consultants draw on the ISO 27002:2022 standard and the NIST CSF framework to structure each engagement.
What is cybersecurity training in the workplace?
Cybersecurity training in the workplace is a structured programme that teaches employees to recognise and avoid everyday cyber threats: phishing, social engineering, weak passwords, risky behaviours. Unlike purely technical solutions, it addresses the main vulnerability of organisations: the human factor. At Bexxo, training combines real simulation via PhishTrainer (fake phishing email campaigns) and interactive learning via Bexxo Academy (modules, quizzes, videos). 68% of data breaches involve human error (Verizon DBIR 2024).
What is phishing?
Phishing is an online fraud technique that involves sending emails, SMS, or messages that imitate legitimate communications (bank, government agency, employer) to trick the victim into revealing confidential information — passwords, banking details, professional credentials. Phishing is the most widely used attack vector: 91% of cyberattacks start with a fraudulent email (Proofpoint 2024).
What is ransomware recovery?
Ransomware recovery is an emergency intervention process designed to restore access to data and systems encrypted by an attack, without yielding to cybercriminals' demands. It includes forensic analysis of the malware, searching for decryption tools, restoration from backups and, if necessary, data extraction directly from physical media.
What is spear phishing and why is it more dangerous?
Spear phishing is a targeted variant of classic phishing: instead of sending millions of generic emails, attackers personalize the attack using real information about the victim (manager's name, ongoing project, supplier name). This targeting makes the email far more credible. Spear phishing accounts for 66% of confirmed data breaches (Verizon DBIR 2024). With AI, attackers can now generate these personalized emails at scale — the cost of a targeted attack has dropped considerably.
What is the OWASP Top 10 and how is it used in Bexxo web audits?
The OWASP Top 10 is the worldwide reference list of the 10 most critical categories of web vulnerabilities, maintained by OWASP (Open Worldwide Application Security Project). It covers SQL injections, authentication flaws, sensitive data exposure, Cross-Site Scripting (XSS), security misconfigurations and other major application attack vectors. Our web audits rely on this taxonomy to structure tests, classify detected vulnerabilities and prioritise recommendations in reports, which ensures coverage aligned with the standards recognised by application security professionals worldwide.
What is the Swiss Cyber Safe label?
Cyber Safe is a Swiss cybersecurity label that certifies that the labelled company applies appropriate and recognised IT security measures. It is accessible to SMEs as well as large organisations and provides a structured framework to strengthen digital security posture. The label is awarded after an assessment of the company's practices against defined criteria. Bexxo is an affiliated partner of Cyber Safe: we support clients who wish to initiate or consolidate a labelling process.