In the context of vulnerability assessments, we look for known vulnerabilities in your IT environment and provide a comprehensive overview of existing technical risks. Modern IT environments consist of many applications and systems with access to the Internet, are offering many attacking scenarios.
Through the combination of automated and manual testing we check your systems for vulnerabilities. This gives you an overall picture of technical risks in your environment. As a result of the vulnerability assessments, we provide you a catalog of assessing the risks and recommendations for action. Unlike penetration test, the objective is to obtain a comprehensive overview of known vulnerabilities. The active exploitation of possible vulnerabilities is carried out only in the context of a penetration tests.
The starting point is a previously defined range of accessible IT systems. It can be taken both an internal and external perspective. The vulnerability audit is carried out in three steps:
Collect information's about usernames, shares, and services in your environment.
Use automated tools (such as Nessus, WebInspect, Netsparker, Qualys) to find known information security vulnerabilities in your services.
Use manual tools and expertise knowledge to exclude false positives findings.
The results are then summarized in a risk catalog, which includes an assessment of security risks as well as specific recommendations for action.
Give us a call, we look forward to it. +49 69 15322864