Vulnerability Assessments identify and rank the exposures present within our clients’ systems and networks. Industry-leading automated scanners, configured with optimized settings, are utilized to analyse the target environment. This process discovers misconfigurations, unsupported software, missing patches, unintentionally open services, and publicly disclosed exploits, to name a few. The information can then be used to formulate a plan to eliminate the threats or reduce them to an acceptable level of risk.
Pentstage offers Vulnerability Assessments as a standalone service, but also includes scanning at the beginning of our Penetration Tests. The vulnerability scanning phase is used as validation to ensure only the most common exposures were identified, and to confirm that each of the findings identified through vulnerability scanning is validated.
The Pentstage consultants perform validation of the discovered vulnerabilities, excluding denial-of-service (DoS), and remove all false positives.
Our report outlines various findings and includes the pertinent validation screenshot or data.
The findings are then categorized by the Common Vulnerability Scoring System version 3 (CVSSv3). The report includes a description of the vulnerability, affected hosts, recommended remediation, and applicable reference sources.
Pentstage then weighs this score and assesses the impact to establish a risk rating. This information can then be used in conjunction with a Vulnerability Management Program to identify and remediate exposures that compromise and reduce the effectiveness of the information security program.