Frequently asked questions

In a rapidly evolving world, we encounter new challenges, particularly in the realm of cyber security. To address common inquiries, we have provided a selection of frequently asked questions below. If you don't find the answer you're seeking, please don't hesitate to reach out to us. We are more than happy to help.

A vulnerability assessment identifies whether an organisation's systems and applications carry known security vulnerabilities. It consists of one or more automated vulnerability scans, followed by a prioritised list of the vulnerabilities found, their severity and generic remediation advice. Scanning software can only identify vulnerabilities it has signatures for (such as missing software updates or incomplete deployment of security software); it cannot reason about business logic or find unknown vulnerabilities. Scans cover networks, web applications and source code, and include ASV (Approved Scanning Vendor) scans for PCI DSS.

A penetration test has a much greater potential breadth of scope and depth than a vulnerability assessment. It should only be conducted by certified cybersecurity professionals, who use their experience and technical ability to mimic the multiple types of attack a cybercriminal would use, targeting both known and unknown vulnerabilities. In a vulnerability scan, identified vulnerabilities are not exploited. In a penetration test, by contrast, the tester adapts their approach to provide proof of exposure through exploitation, gaining access to the security systems or stored sensitive information that a real attack could compromise.