What is Vulnerability Assessment?
A vulnerability assessment uses a vulnerability scanner to analyze your server and network environment for vulnerabilities. The assessment uses a combination of automated tools and manual verification to confirm the validity of vulnerabilities detected.
Vulnerability assessment can be conducted from within your network or from the public internet to determine your vulnerability exposure.
To detect vulnerabilities in the operating system and commonly used software in servers and network devices.
To detect vulnerabilities at the web application layer, usually for custom-developed web apps.
To detect vulnerabilities in the operating system of end user computers.
Vulnerability Assessment Process
Run scanning tools to analyze the target and detect potential vulnerabilities.
Perform manual verification to confirm the validity of detected vulnerabilities.
Analyze the impact and severity of issues, and recommend corrective action.
Verify whether previously detected vulnerabilities have been fixed adequately.
Frequently Asked Questions
What is the difference between internal and external assessment?
Internal vulnerability assessment determines the exposure to a malicious insider attack. It is conducted from within the customer's internal network, from a segment where the targets are accessible.
External vulnerability assessment determines the exposure to a malicious outsider attack. It is conducted from the public internet without modification of the customer’s perimeter defence.
What is included in network vulnerability assessment?
Network vulnerability assessment focuses on the services running on the network. It is primarily concerned with vulnerabilities at the operating system layer and in common software (e.g. products listed in the NIST CPE dictionary) on the target hosts and devices.
What is included in web application vulnerability assessment?
Web application vulnerability assessment focuses on the functionality of the application. It is primarily concerned with application layer vulnerabilities, especially the OWASP Top Ten Web Application Security Risks.
What tools do you use?
We use both commercial and open source tools including Tenable Nessus Pro, Burp Suite Pro, Kali Linux, etc.