Vulnerability Testing Services

An overview of Aptive’s Vulnerability Scan Services.

What is a Vulnerability Assessment?

A Vulnerability Assessment, also known as Vulnerability Testing, attempts to discover security issues within applications or infrastructure the way pen testing does. However, a vulnerability assessment does not verify the existence of a vulnerability by attempting exploitation. Instead, as much evidence as possible is gathered to support the finding without attempting exploitation.

Vulnerability Testing Services

Monthly Vulnerability Testing

Aptive offer custom automated vulnerability scanning performed weekly, monthly or quarterly, allowing for regular checks of both legacy and newly discovered vulnerabilities. This service is designed to complement regular manual security testing. Without regular security auditing of your systems, there is no way of knowing whether your organisation has vulnerabilities exposed. For example, a legacy machine could have been booted and, due to incorrect firewall policies, could be accessible to the outside world; your organisation would have no way of knowing this risk existed without regular security auditing.

Regular scanning can help detect changes and automatically scan for newly discovered vulnerabilities. This service complements our manual security testing services.

PCI DSS Vulnerability Testing

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) requires that merchants accepting credit cards conduct quarterly vulnerability scans (every 3 months) of their environment, both internally and externally.

PCI DSS External Vulnerability Testing

External vulnerability testing is performed from outside of your organisation’s network and must include all of your external IP addresses. Regular external vulnerability testing helps identify exposed vulnerabilities and complements the annual penetration testing also required for PCI DSS compliance.

PCI DSS Internal Vulnerability Testing

Internal vulnerability scans must take place from a number of locations within your network to test the security of all systems within the cardholder data environment (CDE). An internal vulnerability assessment provides an internal overview of the state of security within your network and identifies flaws that an attacker could potentially exploit after gaining access to your internal network.

How often are PCI DSS vulnerability scans required?

Vulnerability scans must be performed at least on a quarterly basis. Additional scans are required whenever there are significant infrastructure changes to your cardholder data environment.

Vulnerability Assessment Services

Below are Aptive’s vulnerability testing services:

  • External Vulnerability Testing
  • Internal Vulnerability Testing
  • Cyber Security Essentials Vulnerability Testing
  • PCI DSS Vulnerability Testing
  • Automated Vulnerability Testing Service
  • Manual Vulnerability Testing
  • Vulnerability Management Service

Why Perform a Vulnerability Assessment?

If your organisation has never performed a security audit before, a vulnerability assessment is a good starting point to gain an overview of your network security. Below are some of the primary advantages of a vulnerability test:

  • Reduced cost compared to manual testing
  • Faster results
  • Can be run regularly to assess internal / external network vulnerabilities
  • Reduced risk
  • Compliance standards, such as Cyber Security Essentials, require an external vulnerability assessment
  • Helps identify vulnerabilities on your network

Additionally, quarterly vulnerability assessments are a requirement for PCI DSS, which must be performed every 3 months (4 times a year).

Regular vulnerability assessments can help detect changes and automatically scan for newly discovered vulnerabilities. This service complements our manual security testing services.