Vulnerability Assessment

A systematic process of identifying, analyzing, and prioritizing vulnerabilities in systems, networks, applications, and devices. It allows a company to identify and correct weaknesses before they are exploited by cybercriminals.

Vulnerability Assessment vs. Pentest

Vulnerability Assessment identifies and classifies flaws, but does not attempt to exploit them.

It does not analyze web applications in the same depth as Penetration Testing.

Faster, lower cost, and uses automated tools for a more comprehensive and agile analysis.

It does not perform in-depth manual testing or simulate real attacks.

Provides a report with all detected flaws and suggested fixes.

It does not provide recommendations or proof of concept, but it keeps security up to date with frequent scans.

Advantages of Vulnerability Assessment

Early identification of vulnerabilities and critical flaws to minimize the risk of attacks.
Automated, fast, and resource-efficient. Automatic scans allow for frequent analysis without significant impact on the infrastructure.
Continuous and frequent execution allows for daily, weekly, or monthly testing to keep security up to date.
Automated reports with technical insights, risk classification, and remediation guidelines.
Focuses on the network, services, and attack surface. Ideal for mapping and analyzing infrastructure exposure on the internet.
Helps with compliance with standards and laws. Supports compliance with LGPD, ISO 27001, PCI-DSS, and other requirements.

Steps

01. Scope Definition

Systems, networks, applications, or devices to be assessed. May include internal and external assets, endpoints, servers, etc.

02. Gathering Information

Gather all data about the environment to be assessed, such as an inventory of assets, network, operating systems, applications, and services in use, to create a clear picture of where vulnerabilities may exist. This ensures a complete and accurate analysis.

03. Vulnerability Identification

Use of automated tools to scan systems against databases of known vulnerabilities. Comparison of software versions, operating systems, and misconfigurations.

04. Vulnerability Classification and Prioritization

Use of metrics such as CVSS (Common Vulnerability Scoring System) to classify by severity.

05. Vulnerability Report Document

List of detected vulnerabilities, severity and associated risk, recommendations for remediation or mitigation, and potential impact if not remediated.

06. Mitigation Recommendations

Practical and technical suggestions for remediating or mitigating each vulnerability. May include updates, reconfiguration, and network segmentation.

07. Revalidation (optional)

After the errors have been corrected, a new scan can be performed to confirm the resolution.
