What is a Vulnerability Assessment?
A vulnerability scanner is an application that identifies and creates an inventory of all the systems connected to a network (including servers, desktops, laptops, virtual machines, containers, firewalls, switches, and printers). A Vulnerability Assessment tries to classify the operating system it runs and the applications installed thereon for each computer it recognizes.
We will conduct a vulnerability audit/vulnerability scanning of your network and identify vulnerabilities within the software in your network and return back to you a full report of the issues found.
What’s the difference between a penetration test and a Vulnerability Assessment?
Vulnerability scanning and penetration testing are often confused, but in fact the two security procedures are quite different and are used for different purposes.
A Vulnerability Assessment at the most basic level is intended to find any systems that are vulnerable to known vulnerabilities, whereas a penetration test is intended to locate weaknesses in particular device configurations and organizational processes and procedures that can be exploited to compromise security.
What are the risks?
A Vulnerability Assessment is the bare minimum of security which every system should have. Not checking the security of your systems in this way could leave it vulnerable to any catastrophic security flaws endangering not only the data on the site but server or service as a whole allowing hackers to manipulate or destroy the system. This could lead to hosting costs being paid for a server which no longer has no benefit to yourself but could also be hosing illegal material.
What we test for:
- Compliance requirements: Audit system configurations and content against the current industry standards.
- “A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing” Article 32 (1,d) – General Data Protection Regulations (GDPR)
- Malware Detection: Detect known malware, as well as software which is potentially unwanted software.
- Web Applications: discover web server and services weaknesses and OWASP Top 10 security vulnerabilities.
- Cloud Infrastructure: assess configuration weaknesses in cloud-based infrastructure.
- Server Scanning: locate open ports, and assess systems, networks and applications for weaknesses.
How it works:
- Identification of vulnerabilities using scanning tools and techniques.
- Evaluation of the risk posed by any vulnerabilities identified.
- Treatment of any identified vulnerabilities.