Vulnerability Scanning

Vulnerability Scanning

Vulnerability Scanning is a low cost solution for businesses wanting a lightweight security check up on their computer systems, networks or web applications. This type of assessment will uncover “low hanging fruit” security misconfigurations such a missing patch levels.

 

What is Vulnerability Scanning?

A Vulnerability Scan will audit for “low hanging fruit” vulnerabilities against external facing infrastructure or web application. The assessment will discover the following type of vulnerabilities:

Brief Overview of a standard scan:
  • Discover missing OS and software patches.
  • Check for SSL and other encryption technology misconfigurations.
  • Check for insecure Firewall rules.
  • Check weak security controls.

Key Benefits Of A Vulnerability Scan

Vulnerability Scans can be used to give a quick check of your infrastructure. System admins may decide to request a vulnerability scan to ensure there system has been patched correctly:

A Vulnerability Scan will help our clients:
  • Comply with GDPR and other regulatory bodies which require regular Vulnerability Scanning.
  • Provide evidence to your clients or supply chain that your organisation take proactive steps towards securing your data.
  • Develop in house security awareness of common vulnerabilities for system admins. Making them proactive in securing the network and raise awareness of possible areas where vulnerabilities can be introduced.
  • Reduce the risk of being successfully attacked by cyber criminals.
  • Ensure your patching cycle has been successful.

Our methodology

Our consultants are all certified with at least Check Team Member or OSCP certificate. We follow the industry-standard OSSTMM methodology. Alongside this, we use our own in-house methodologies which have been tried and tested during our own careers.

Using industry specific scanning tools we will audit your web application or external infrastructure for the latest vulnerabilities.

Penetration Testing Engagement Process

Scoping

Spider Sec has tried to make the scoping process as easy as possible. We have created a quoting form which will price your project based on your requirements. If you are happy with the quote, send it to us and we will send over our authorisation forms and SOW to be filled out. Then we will schedule the engagement and ensure all prerequisites are in order.

Engagement

On the scheduled date you will receive an email before the penetration test begins. During the engagement, if any high or critical risk vulnerabilities are discovered you will be informed ASAP.

Reporting

Once the engagement is completed we will write up our discoveries into an easy to digest report with remediation steps and risk ratings.

Retest

After you have digested the report if you wish to book a retest please let us know. We are happy to retest high and critical risk vulnerabilities for free.