Vulnerability Assessment

Mossé Security provides Vulnerability Assessment services to organisations, and our Certified Consultants are guaranteed to discover a vulnerability or weakness before a threat actor is able to. Furthermore, many information security compliance standards require periodic vulnerability assessments to be performed against critical systems. Critical and high-risk vulnerabilities must then be remediated in a timely manner, often within 30 days.

What is the difference between vulnerability assessment and penetration testing?

Penetration testing involves manual identification and exploitation of vulnerabilities by a professional ethical hacker, whilst vulnerability assessments are limited to the use of automated tools.

Mossé Security includes vulnerability assessments in its penetration testing services, as automated scanners can test many more systems and user inputs than a human ever could. They are very effective at identifying missing security patches, default credentials, outdated software and operating system versions, unencrypted network protocols and simple application security vulnerabilities. However, our Certified Consultants are capable of identifying vulnerabilities that automated tools cannot, particularly critical security flaws that require a deep understanding of software code and of infrastructure configuration and deployment practices.

Why is vulnerability assessment important?

Vulnerability assessments are good cybersecurity hygiene practices.

They are cost-effective and very efficient at identifying easily exploitable vulnerabilities that have been weaponised in attack tools such as Metasploit.

Undertaking periodic vulnerability assessments will help you:

  • Ensure that your networks and applications are free from known critical and high risk vulnerabilities
  • Generate measurable cybersecurity improvements that demonstrate a clear and easy return on investment (ROI)
  • Meet your information security compliance requirements

How often should vulnerability assessments be performed?

Ideally every 30 or 90 days.

You should measure improvements over time and use the analytics generated from the scans to demonstrate cybersecurity ROI.

Why can't I perform vulnerability assessments by myself?

In some cases you can, and are encouraged to (if you have IT personnel capable of running basic tools). We recommend that you try free scanners such as OpenVAS and Nuclei.

Mossé Security's value proposition for engaging our services is:

  • Vulnerability Analysis and Triaging: The scanners will return thousands of results that need to be sorted, ranked, and prioritised. Organisations with thousands of ICT systems engage us to perform this level of analysis. We help them understand which vulnerabilities matter most and design vulnerability remediation plans.
  • Remediation Planning and Execution: Resolving vulnerabilities at scale is difficult. Mossé Security provides Certified Consultants that develop vulnerability remediation plans and work with your IT team to deploy remediation activities at scale (e.g. patching, configuring, hardening, upgrading etc.).
  • Testing and Validating: Deploying changes on production systems can be incredibly dangerous. Mossé Security has extensive experience developing lab environments that simulate client networks to test the effectiveness of remediation activities and run through rollback plans. We provide our customers peace-of-mind that large-scale security activities can be undertaken without risking major outages.

Contact us at [email protected] to receive a free consultation on how to get started with Web Application Penetration Testing services.

Vulnerability Assessment Methodology

Our Certifications

Our team undertakes 2,000+ hours of pre-deployment training per year. Here are some of the certifications we hold and maintain:

Free Project Consultation, Scoping and Quote

Call us on 1300 730 035 or submit the form below
Mossé Security's team of cybersecurity experts is ready to deliver cybersecurity professional services to your organisation.