Vulnerability Assessment


What is Vulnerability Assessment?

A vulnerability assessment is the process of detecting, measuring, and listing the vulnerabilities in your network, systems and hardware. The results of a vulnerability assessment performed by HTD help your organization develop an asset-aware security roadmap that reflects which assets require higher priority.


We perform the following types of vulnerability scans:

  • Web application scans - locate and identify vulnerabilities in a web app, following the OWASP Top 10 Risks.
  • Mobile application scans - evaluate the security level of a mobile app, following the OWASP Top 10 Mobile Risks.
  • Network-based scans - identify possible network security attacks.
  • Host-based scans - locate and identify vulnerabilities in servers, workstations or other network hosts.
  • Desktop application scans - evaluate how data is stored, whether information is transferred securely, etc.
  • Database scans - identify the weak points in a database so as to prevent malicious attacks.

Assessment Methods We Apply

  • Automated Scanning

    To start the vulnerability assessment process, HTD’s security testing team uses automated scanning tools. These scanners rely on databases of known technical vulnerabilities to detect your company’s susceptibility to them. The main advantage of the automated approach is that it is not time-consuming and ensures wide coverage of the security weaknesses that may exist in a range of devices or hosts on the network.

  • Manual Scanning

    HTD’s security testing team manually tunes the scanning tools and then manually validates the scanning findings to eliminate false positives. Upon completion of this manual assessment by our specialists, you get reliable results containing only confirmed events.

The Process of Vulnerability Assessment

  • Planning

    You need to start by determining which systems and networks will be assessed, identifying where any sensitive data resides, and which data and systems are most critical.

  • Scanning

    Actively scan the system or network, either manually or via automated tools, and use threat intelligence and vulnerability databases to identify security flaws and weaknesses and filter out false positives.

  • Analysis

    Provide a clear sense of the causes of the vulnerabilities, their potential impact, and the suggested methods of remediation. Each vulnerability is then ranked or rated based on the data at risk, the severity of the flaw, and the damage that could be caused by a breach of the affected system.

  • Remediation

    The ranking in step three will help prioritize this process, ensuring that the most urgent flaws are handled first. It is also worth noting that some flaws may have so little impact that they may not be worth the cost and downtime required for remediation.

  • Repeat

    A vulnerability assessment needs to be conducted on a regularly scheduled basis, as any single assessment is only a snapshot of that moment in time. Having those snapshots or reports to refer to over a period of time will also give you a strong sense of how your security posture has developed, for better or for worse.

Deliverables

  • Executive Summary

    Highlighting highly rated vulnerabilities and business risks, and our recommendations.

  • Technical Report

    Our findings and recommendations for remediation and mitigation of the identified vulnerabilities.

Copyright @2022 HTD.RED