What is a vulnerability assessment?
The vulnerability assessment allows a systematic evaluation of the weaknesses that an information system may have, this allows to know if there are open ports, available services, if the system is susceptible to known vulnerabilities, defines severity levels for each vulnerability and recommends solutions to mitigate them.
Types of vulnerability assessment
- Host evaluation.
- Network infrastructure assessment.
- Wireless network evaluation.
- Database evaluation.
- App evaluation.
What are the objectives of a vulnerability assessment?
- Reveal the attack surface.
- Find active weaknesses and vulnerabilities at an early stage.
- Find vulnerabilities from previous configurations.
- See what the company looks like in the eyes of an attacker.
Why should a vulnerability assessment be performed?
- Know the security status of the organization.
- Establish a starting point to begin managing the security of the organization.
- Build a review and improvement cycle for security.
This service offers two deliverables:
- Executive report: this report describes the risk level of the company without mentioning technical details, only highlighting the problem through well-defined concepts and graphs.
- Technical report: this report is aimed at IT staff, with the aim of helping to solve the problems detected, the evidence of the tests carried out, the findings are detailed and the processes and mechanisms necessary to lower the level of risk and remedy detected vulnerabilities and security gaps.