The vulnerability assessment’s goals are to identify, classify, and prioritize vulnerabilities in networks, databases, and applications. The engagement is wider and more complicated than simple scans as it also involves personalized testing policies for noncompliance and misconfigurations of instances in the client’s ecosystem. With the collected information, vulnerabilities are classified following the context and prioritized based on industry best practices for risk management.
Vulnerability Assessment Execution Methodology
Penetration testers carry out the testing without detailed network or infrastructure diagrams and without any accounts or additional user information (unless required as part of the scope). Includes: Reconnaissance, Threat Modelling, Vulnerability Analysis, Exploitation, Post-Exploitation.
Scanning using a suite of tools
Verification using manual checks to reduce false positives
Risk Evaluation and Prioritization:
Documentation of the security issues discovered
Some of the tools that our penetration testers use include:
Nessus Professional • Netsparker • Testssl.sh • Burp Suite Pro • Nikto • Sqlmap • Metasploit Framework • Custom Scripts.