Vulnerability Assessment Services

An overview of Aptive’s Vulnerability Assessment Services.

What is a Vulnerability Assessment?

A Vulnerability Assessment, also known as Vulnerability Testing, attempts to discover security issues within applications or infrastructure in the same way as a penetration test. However, it does not verify the existence of a vulnerability by attempting exploitation. Instead, as much evidence as possible is gathered to support the finding without attempting exploitation. There are two types of vulnerability assessment: manual and automated. More information about these services can be found on their respective service pages.

Vulnerability Assessment Services

Below are Aptive’s vulnerability assessment services:

  • External Vulnerability Assessment
  • Internal Vulnerability Assessment
  • Vulnerability Assessment and Penetration Testing (VAPT)
  • Automated Vulnerability Assessment Service
  • Manual Vulnerability Assessment
  • Vulnerability Management Service

Why Perform a Vulnerability Assessment?

If your organisation has never had a penetration test before, a vulnerability assessment is a good starting point to gain an overview of your network security. Below are some of the primary advantages of a vulnerability assessment:

  • Reduced cost compared to manual penetration testing
  • Faster results (typically) than penetration testing
  • Can be run regularly to assess internal / external network vulnerabilities
  • Reduced risk compared to penetration testing
  • Compliance standards such as Cyber Security Essentials require an external vulnerability assessment
  • Helps identify vulnerabilities on your network

Additionally, PCI DSS requires quarterly vulnerability assessments, which must be performed every 3 months (4 times a year).

Regular vulnerability assessments can help detect changes and automatically scan for newly discovered vulnerabilities. This service complements our manual penetration testing services.

Vulnerability Assessment vs Penetration Testing

Vulnerability assessments and penetration testing services share a common goal: to identify security issues and vulnerabilities and deliver these findings to the client in a severity-ordered report. However, there are some significant differences, which are outlined below:

False Positives

Vulnerability testing helps identify potential security vulnerabilities without attempting to exploit the system. On a manual vulnerability test, the consultant will provide as much evidence as possible to back up the finding. However, because the vulnerability cannot be exploited, it is not possible to truly verify whether a system is exploitable through a discovered vulnerability.

Manually combining vulnerabilities

Manually combining discovered security issues to achieve a higher-severity vulnerability or, in some cases, a compromise is not possible with a vulnerability assessment.

Advancement

Advancement, commonly known as “pivoting”, is also not possible on a vulnerability assessment: no machines are compromised, so none can be used as network entry points.