Advanced Vulnerability Assessment
Advanced Vulnerability Assessment
This Team Leader driven advanced vulnerability assessment against your IP address spaces follows the PTES (penetration testing execution standard) methodology for vulnerability assessments and is conducted by CREST registered testers. It is designed to take a standard vulnerability scan a step further by having one of our CREST certified penetration testers verify every vulnerability manually to eliminate any false positives and leave you with only actual vulnerabilities in your IP address space and provide recommendations for improving your security posture.
Our advanced vulnerability assessment service is built upon a testing methodology that has evolved over the last 12 years. Based on the reconnaissance steps from the Penetration Testing Execution Standard, our methodology involves bringing the results together from three separate commercial scanning solutions along with finer testing using our internally developed scanners. Once the automated scans have run, one of our CREST certified Penetration Testers will validate all of the vulnerabilities identified, ensuring you have zero false positives in your report.
Once all of your IP address space in scope has been assessed, the report is created in a format that allows you to assess their relative business risk and the cost of remediation.
WHY RUN AN ADVANCED VULNERABILITY ASSESSMENT
External infrastructure-related vulnerabilities tend to arise from poor hardware configurations, ineffective system configuration parameters and weak security system controls. Ensuring you know about your vulnerability allows you to patch and fix before an attacker can gain control of resources on the network.
Our vulnerability assessment service will help you:
Zero False Positives;
Gain real-world insight into your vulnerabilities;
Identify any patches that need to be installed;
Reconfigure software, firewalls and operating systems; and
Identify needs for encryption or more secure protocols.
HOW IT WORKS
Our advanced vulnerability scanning process is as follows:
Once you have placed an order, a review meeting is taken by the assigned penetration tester and our CEO to ensure we are going to test to a sufficient level.
We will launch the scans a time and date agreed by you.
Once the scan is complete, a Penetration Tester will manually validate all of the results and remove all false positives.
A detailed report that identifies and explains the vulnerabilities and their impact to your organisation.
An executive summary that explains what the risks mean in business terms.
The price is by blocks of IP addresses.
This is can be an internal or external assessment.
Expenses related to travelling, etc. are not included in the price.
On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).
REQUIRE SOMETHING MORE IN-DEPTH?
We’ve designed our standard packages to be easy and affordable, but if you are unsure of your requirements, or your needs are more complex and involve attempting advanced exploitation of the identified vulnerabilities, please call us to discuss. Our consultants can answer your questions and make the process painless. If you would like to talk to one of our testers or meet with them, we would be happy to arrange this for you.
WHY CHOOSE US?
Vulnerability Assessments should only be carried out by experienced testers with the necessary technical skill set and qualifications. Our penetration testers have strong technical knowledge and a proven track record in finding security vulnerabilities and can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure that your systems are secure.
Our penetration testers are OSCP (Offensive Security Certified Professional), OSWE (Offensive Security Web Expert) and CREST (Certified Register of Ethical Security Testers) certified. Our penetration testing team will provide you with clarity, technical expertise and peace of mind knowing that your web application has been reviewed by experienced testers in line with your business requirements.