
Vulnerability Assessment

The aim of a vulnerability assessment is to discover security issues within applications or infrastructure the same way penetration testing does. The major difference is that a vulnerability assessment does not attempt to exploit the vulnerabilities it finds. During a vulnerability assessment, as much evidence as possible is gathered to support each finding, but without attempting exploitation.

Vulnerability scanning is the act of identifying potential vulnerabilities in servers, applications, firewalls, etc. It is automated and focuses on finding potential and known vulnerabilities on both the network and the application level.

Our report ranks discovered vulnerabilities based on severity, typically as Critical, High, Medium, Low, and Informational. Critical, High, and Medium vulnerabilities indicate that a system or an application has a much greater risk of being exploited. These rankings allow organizations to prioritize what to patch first if there are no significant business or technological constraints.

What is the purpose of a vulnerability scan?

Our purpose here is to look for known vulnerabilities in your systems and to report such potential exposures that, if exploited, could result in a compromise of a system. Our vulnerability scan ranks and reports each vulnerability. Like penetration tests, an external vulnerability scan is conducted from outside the organization, while an internal vulnerability scan is conducted from inside the organization.

We recommend conducting vulnerability scans continuously, especially after releasing new versions, installing new equipment or making any other significant changes.

The largest benefit of a vulnerability assessment is its relatively low cost compared to penetration testing, so it is also a good starting point for gaining an overview of your application or infrastructure security if you have never had your systems tested.