Vulnerability Testing


A penetration test evaluates the security of an information technology environment, whether on-premise, cloud or hybrid, and can cover applications, systems, networks or human controls.

The goals of penetration testing are to:

> Proactively identify vulnerabilities that leave the organisation exposed to malicious actions;
> Actively exploit vulnerable systems to prove that the identified vulnerability actually poses a risk to the organisation; and
> Prove that access gained to systems via exploitation leads to the exposure of sensitive or personal data.

Outcomes of a successful penetration testing program include identification of vulnerabilities, cross-checking the effectiveness of existing security controls in protecting against identified exposure, regulatory compliance, and the ability to prioritise risks and manage their mitigation and remediation.

One way to secure IT assets, maintain an awareness of the vulnerabilities in an environment and respond quickly to mitigate potential threats is through regular vulnerability assessment (VA). A VA is a process to identify and quantify the security vulnerabilities in an organisation’s environment. A comprehensive vulnerability assessment program provides organisations with the knowledge, awareness, and risk background necessary to understand threats to their environment and react accordingly.

A Vulnerability Evaluation is a method of assessing resources in an enterprise for missing patches and misconfigurations. Often the vulnerability assessment is in support of regulatory compliance or compliance with a standard. The process identifies and prioritizes vulnerabilities based on criteria such as the likelihood of the vulnerability being exploited and the severity of the vulnerability – what the vulnerability provides the attacker when used. These criteria are used to categorize the vulnerability as Critical, High, Medium, Low, or Informational.

We assess systems using vulnerability scanning tools and manual methods to identify and prioritise findings based on the criticality of system vulnerabilities. We scrub findings to eliminate false positives and prioritise risk, based on existing security controls for your environment. The Vulnerability Assessment looks for missing patches and existing vulnerabilities for each system. We use authenticated scans wherever possible to reduce false positives and improve accuracy.

We typically perform a Vulnerability Assessment on an internal enterprise environment and a Penetration Test against the external, public-facing systems. We can, however, perform a Vulnerability Assessment against your external systems and wireless systems as well.