CYBX can run tailored Vulnerability Assessments to help you meet your business requirements, whether annual assessments for Cyber Essentials, a one-off test for peace of mind, or a regular monthly evaluation for ongoing security. A vulnerability assessment will give you a clearer understanding of your internal and external security.
Vulnerability assessments are vital for compliance purposes but also prove significantly beneficial for businesses that do not require the extensive testing offered by traditional penetration testing. A vulnerability assessment provides a comprehensive overview of your security without considering any substantial variables that could be introduced through manual configuration.
After your assessment, our team will provide your results and a tailored executive summary from our security testers, allowing you to review each item confidently and act.
The Value of Vulnerability Assessments
Our vulnerability assessments help network and security managers identify vulnerabilities in their systems and applications by scanning their infrastructure or applications. Once vulnerabilities are identified, we advise on how to fix them and provide comprehensive one-to-one support after scanning. This enables your IT managers to understand and secure your systems and software. Unlike scanning software from third-party providers, the CYBX team can help you fully understand the process and the findings, allowing you to resolve the issue and not just find it.
“Over 25,000 vulnerabilities were published in 2022.” – NVD’s Analysis of CVE
External Vulnerability Assessments
External vulnerability scans are performed from outside the network and target its external IP addresses. The most useful information from these scans is the list of vulnerabilities and the list of ports open to the internet.
During an external vulnerability assessment, testers identify the following:
- Exploitable vulnerabilities per host
- Misconfiguration of externally facing services
- Default passwords
- Outdated software versions
- Well-known CVEs
Internal Vulnerability Assessments
Internal vulnerability scans are performed from a location with access to the internal network. This can be on-site or through a VPN (Virtual Private Network) connection to the internal network. These scans show vulnerabilities at a greater depth, as they can see more of the network than an external scan.
Internal scans are best used when you need to verify that patching has occurred or when you need to provide a detailed report of vulnerabilities in the network.
During an internal network scan, our analysts identify the following:
- Identify and isolate hosts missing specific patches
- Network Based Scan - Exploitable vulnerabilities on all devices and endpoints on the network
- Identify insecure systems and services
- Attempt to access sensitive or mission-critical information
Web Application Vulnerability Assessments
Web application penetration testing involves a methodical series of steps to gather information, find vulnerabilities, exploit the identified vulnerabilities, and compromise the web application. An industry-standard vulnerability scanner is used to ensure thorough coverage of the items in scope of the assessment.
During a web application test, our analysts identify the following:
- Functionality Testing of a Website
- Testing the interface and functionalities on the website
- Internal and outgoing/external links
- Test forms to ensure fields accept correct data
- Login functionality testing
- Identify out-of-date server and web framework versions
- SQL Injection Testing
- Unauthorised access to secure pages
- Identify out-of-date or invalid certificates
- Analysing source code