Vulnerability Assessment


Vulnerability assessment is the process of identification and classification of security holes (vulnerabilities) in a computer, network, or communications infrastructure. In addition, vulnerability analysis can forecast the effectiveness of the proposed countermeasures and evaluate their actual effectiveness after they are put into use. They are usually conducted using mainly automated tools. In comparison with the penetration testing, vulnerability assessment does not try to exploit the identified vulnerabilities in order to prove their truthfulness and impact on the business.

During the part of the automated testing our team uses software tools like Nmap, Nessus, Nexpose, OWASP Zap, Nikto and more.

In conclusion Vulnerability assessment aims to:

  •  Define and classify network or system resources and assign relative levels of importance to the resources.
  •  Identify potential threats to each resource and develop a strategy to deal with the most serious potential problems first.
  •  Definе and implement ways to minimize the consequences if an attack occurs.

After all, the discovered vulnerabilities are described in report.

Details

  • Your organization might need such assessment if vulnerability management process is in place.
  • Vulnerability assessment provides overview, but does not exploit potential issues in your orgaization.
  • Vulnerability assessment is often required for compliance.
  • Vulnerability assessment can help you comply with the technical requirements of GDPR.

Up to 5 days.

Our experts hold various certificates in the area, like CEH, OSCP, CCSA and more.

We can engage our partners to fix your vulnerabilities if you lack expertise. We avoid fixing them on our own due to conflict of interests.

Our process

Information gathering

  • Scanning
  • Identification

Service enumeration

  • Web services
  • TCP ports
  • UDP ports

Scanning

  • Configuration issues
  • Missing patches
  • Danferous services

Validation/categorization

  • False positives validation
  • Scan results review
  • Manual verification of discoveries
  • Categorization of the vulnerabilities

Reporting

  • Summarization of the information
  • Management reporting
  • Technical report