Vulnerability Assessment

The goals of a vulnerability assessment are to identify, classify, and prioritize vulnerabilities in networks, databases, and applications. The engagement is broader and more complex than simple scanning, as it also involves personalized testing policies for noncompliance and misconfigurations of instances in the client’s ecosystem. With the collected information, vulnerabilities are classified according to their context and prioritized based on industry best practices for risk management.

Vulnerability Assessment Execution Methodology

Security consultants carry out the testing without detailed network or infrastructure diagrams and without any accounts or additional user information (unless required as part of the scope). However, credentialed scans can also be conducted if the client needs them. The methodology includes:

Automated Scanning:

• Scanning using a suite of tools

Manual Validation:

• Verification using manual checks to reduce false positives

Risk Evaluation and Prioritization:

• Documentation of the security issues discovered

We use industry-standard tools and frameworks, as well as scripts developed in-house, to conduct the most complete and comprehensive vulnerability scan possible. Some of the tools that our penetration testers use include:

• Nessus Professional
• Netsparker
• Testssl.sh
• Burp Suite Pro
• Nikto
• Sqlmap
• Metasploit Framework
• Custom Scripts
