Vulnerability Assessment (VA) service is designed to identify security holes within an organization’s IT infrastructure, specifically related to cyber threats. Before the actual penetration testing starts, it is necessary to establish a baseline of all the assets and the vulnerabilities in those assets that can be exploited.
Our team performs vulnerability scanning on all the assets within our scope so that technical and administrative vulnerabilities are identified. Vulnerabilities within our client’s environment are categorized not only according to the CVSS base score and the impact on the confidentiality, integrity, and availability of the information, but such vulnerabilities are also categorized according to the impact on business of the client. Furthermore, vulnerabilities having public exploits or malware available for their exploitation is given higher value as per their calculated risk exposure.
We perform both tool based and manual scanning along with validation of all discovered vulnerabilities and their evidence. We use separate checklists for each of the following types of vulnerability assessment testing: