Unlike a penetration test, which tries to exploit the vulnerabilities uncovered during scans, vulnerability scanning merely identifies potential weaknesses in network devices – like routers, switches, servers, firewalls – and applications. Vulnerability scanning is typically lower in cost than performing a penetration test because it only identifies that a vulnerability exists; it does not provide detail on how seriously the vulnerability could be exploited. While vulnerability scanning is not as comprehensive as specific penetration tests are, it does give an organisation a snapshot of its attack surfaces and known vulnerabilities at the time of scanning. This makes vulnerability scans important for evaluating security posture and planning improvement.

Many data breaches are the result of unpatched vulnerabilities. Vulnerability scanning provides a proactive approach for identifying and eliminating these security gaps. We, therefore, recommend running vulnerability scans regularly to ensure that you are not left exposed to newly found vulnerabilities. Vulnerability scans alone are not enough to protect your organisation. They are useful for developing a plan of action and then undertaking specific penetration tests to assess how easily the discovered vulnerabilities can be exploited.

We provide both on-demand credentialed and non-credentialed scans from external and internal perspectives. spriteCloud uses enterprise-level products for vulnerability scanning to ensure we get the best results and that you get the best advice. 

The benefits of vulnerability scanning to your organisation are:

  • Quickly gain an overview of your organisation’s attack surface;
  • Quickly identify which vulnerabilities your organisation is susceptible to;
  • Useful for developing an action plan for securing vulnerabilities;
  • Less expensive than a penetration test, though not as comprehensive.

Delivery Methods

Our security testing services can be provided via two methods that can be mixed and matched to create an overall testing solution that fits your needs perfectly. For instance, you might require a project-based web application penetration test (delivered locally) and vulnerability scan (conducted remotely). 

Project-based

Projects are fixed scope engagements of a predetermined time frame. Projects can be delivered locally at your office alongside your team or carried out remotely from our offices in Amsterdam or Kiev.

Contract-based

Contracting is a method of rolling engagement where a tester is contracted to join your organisation to deliver the required testing. Contract-based work can only be delivered locally, typically from within your team.

Testing Approaches

We offer two testing approaches, or levels, for our vulnerability scanning services. Each approach is different, but both use the same high-level methodology for undertaking the vulnerability scanning.

Standard Vulnerability Scanning

Our standard vulnerability scans utilize enterprise-level products such as Nessus, OpenVAS and Burp Suite to scan the application or system in question. The results are then gathered based on the output from the tools and delivered to the customer in a report.

Professional Vulnerability Scanning

Our professional vulnerability scans build on top of our standard scans. We use the same three scan tools, but the results are reviewed by one of our ethical hackers, who then manually verifies the results before creating the report.

Our professional vulnerability scans are more in-depth than the standard vulnerability scans in terms of:

  • Manual verification of the reported findings, along with the elimination of false positives;
  • Scoring all vulnerabilities accurately, with both the Common Vulnerability Scoring System (CVSS) score, and a real-world risk score;
  • More targeted remediation details.

High-level Processes for Both

We use a methodology that consists of the following phases:

  1. Planning and definition of scope
  2. Gathering information on the target asset:
    1. Firewall detection;
    2. Alive hosts;
    3. Port scans;
    4. Operating system and service detection.
  3. Scanning, identification and assessment of network vulnerabilities;
  4. Reporting the final results and identifying countermeasures.

Contact Us

For more information about how penetration testing can help you secure your applications and networks, contact us using the contact form below or call Baruch Annink at +31 (0) 646 955 406.
