Vulnerability Assessment
The goals of a vulnerability assessment are to identify, classify, and prioritize vulnerabilities in networks, databases, and applications. The engagement is broader and more involved than a simple scan, as it also includes tailored testing policies to detect noncompliance and misconfigurations of instances in the client’s ecosystem. Using the collected information, vulnerabilities are classified according to context and prioritized based on industry best practices for risk management.
Vulnerability Assessment Execution Methodology
Penetration testers carry out the testing without detailed network or infrastructure diagrams and without any accounts or additional user information (unless required as part of the scope). The testing includes: Reconnaissance, Threat Modelling, Vulnerability Analysis, Exploitation, and Post-Exploitation.
Automated Scanning: Scanning using a suite of tools.
Manual Validation: Verification using manual checks to reduce false positives.
Risk Evaluation and Prioritization: Documentation of the security issues discovered.
Some of the tools that our penetration testers use include:
Nessus Professional • Netsparker • Testssl.sh • Burp Suite Pro • Nikto • Sqlmap • Metasploit Framework • Custom Scripts.
