Vulnerability Assessments

  • Home
  • Vulnerability Assessments
Vulnerability Assessments

A Vulnerability Assessment of your infrastructure provides you with a high-level overview of potential security weaknesses.

Vulnerability scans of your internal or Internet-facing infrastructure provides you with a cost-effective solution to quickly identify vulnerabilities that may be present. Typical vulnerabilities include missing operating system patches, outdated software, obsolete operating systems, default credentials and many other cyber-security weaknesses that may be very quickly identified by malware or an attacker who has already gained physical access to your network.

Not all companies require a penetration test to successfully evaluate their security posture.  Regular vulnerability assessments are often an alternative.  A consultant performs vulnerability scanning to search systems for known vulnerabilities without exploitation attempts with an end goal of providing a remediation report prioritised on risk.

As with all vulnerability assessments, there is a possibility that “false positive” results may be present in the assessment findings. Furthermore, some vulnerabilities that would only be identified during a manual penetration test may not be identified, as very often, identifying these vulnerabilities is only possible through manual testing. If you require a security assessment of your environment which is representative of a real-life attack, we would strongly recommend considering a manual penetration test, as this will provide you with a more accurate set of test results.

Methodology

Using the latest scanning tools and techniques, we conduct a full vulnerability assessment on the given IP address range. This assessment serves to provide you with an up-to-date snapshot of the vulnerabilities on both the internal and external network that may be exploited by a malicious attacker. A full port scan is also included and all available services are checked to ascertain if they have known vulnerabilities present.

Prerequisites

  1. A signed & completed Testing Consent Form
  2. List of IP addresses or hostnames to be assessed