Where a penetration test goes on to exploit the weaknesses it uncovers, vulnerability scanning only identifies potential weaknesses in network devices (routers, switches, servers, firewalls) and applications. Scanning is typically cheaper than a penetration test because it stops at establishing that a vulnerability appears to exist; it does not show whether the vulnerability can actually be exploited or how serious the consequences would be.
While a scan alone is not as comprehensive as a targeted penetration test, it does give an organisation a snapshot of its attack surface and known vulnerabilities at the time of scanning. This makes vulnerability scans an important process for evaluating security posture and planning improvements.
Many data breaches are the result of unpatched vulnerabilities. Vulnerability scanning provides a proactive way to identify and close these gaps, so we recommend running scans regularly to ensure that you are not left exposed to newly published vulnerabilities. Scans alone do not protect your organisation: they must be combined with remediation of the findings. They are most useful for developing a plan of action and then undertaking targeted penetration tests to assess how easily the discovered vulnerabilities can be exploited.
We provide both on-demand credentialed and non-credentialed scans from external and internal perspectives. A credentialed scan logs in to the target and can see missing patches and local configuration that an unauthenticated scan cannot; a non-credentialed scan shows only what an outsider sees. spriteCloud uses enterprise-level products for vulnerability scanning, run by our certified ethical hackers, to ensure we get the best results and that you get the best advice.
The benefits of vulnerability scanning to your organisation are:
- Quickly gain an overview of your organisation’s attack surface;
- Quickly identify which vulnerabilities your organisation is susceptible to;
- Useful for developing an action plan for securing vulnerabilities;
- Less expensive than a penetration test, though not as comprehensive.
We can provide penetration testing services for your website or application via several delivery methods. You can add penetration testing to your Testing Services Subscription, or you can request ad hoc testing if you do not test very frequently. Find out more by clicking each ‘More Info’ button. If this is confusing, get in touch with us at firstname.lastname@example.org or via our contact page so we can help you figure out the best solution.
Our software testers are very experienced at testing client applications remotely. The COVID-19 pandemic has forced a lot of organisations to work remotely, but fortunately our testers already have the skills to help remote teams. spriteCloud has been providing testing both remotely and on-site for over ten years, and all of our software testing services can be executed remotely.
Ad Hoc Testing
Projects are fixed-scope engagements with a predetermined time frame. In other words, we test only what you ask for. Projects can be delivered locally at your office alongside your team or carried out remotely from our offices in Amsterdam or Kiev.
Contracting is an engagement model in which a tester joins your organisation to deliver the required testing on a (near-)full-time basis. Contract-based work is typically delivered locally but can also be delivered remotely.
Software Testing Subscription
Our Software Testing Subscription is a monthly recurring package (a Test Stack) made up of a custom mixture of our software testing services. You decide which software testing services you want, how much testing you need, and how long the subscription should run. Because it provides consistent, high-quality testing, the subscription helps you create the best quality products for the best customer experience.
Reported with Calliope Pro
All test results are delivered to you via Calliope Pro, our proprietary test results dashboard. Calliope was designed to make it easy to share, compare, and monitor test results with all stakeholders in one central location. Create a company, upload results, and collaborate more effectively.
Calliope was created for testers, by testers. Give it a try today.
We offer two levels of vulnerability scanning. The two differ in how the results are handled, but both follow the same high-level methodology for the scanning itself.
Standard Vulnerability Scanning
Our standard vulnerability scans use enterprise-level products such as Nessus, OpenVAS and Burp Suite to scan the application or system in question. The tool output is collated as reported by the tools and delivered to the customer in a report.
Professional Vulnerability Scanning
Our professional vulnerability scans build on top of our standard scans. We use the same three scan tools, but the results are reviewed by one of our ethical hackers, who then manually verifies the results before creating the report.
Our professional vulnerability scans are more in-depth than the standard vulnerability scans in terms of:
- Manual verification of the reported findings, along with the elimination of false positives;
- Scoring all vulnerabilities accurately, with both the Common Vulnerability Scoring System (CVSS) score and a real-world risk score, since a CVSS base score says nothing about where the affected host sits, whether a public exploit exists or what compensating controls are in place;
- More targeted remediation details.
High-level Processes for Both
We use a methodology that consists of the following phases:
- Planning and definition of scope;
- Gathering information on the target asset:
  - Firewall detection;
  - Alive hosts;
  - Port scans;
  - Operating system and service detection.
- Scanning, identification and assessment of network vulnerabilities;
- Reporting the final results and identifying countermeasures.
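The information-gathering phase above, as an added example (not spriteCloud's own tooling): the sub-steps (alive hosts, firewall detection, port scans, OS and service detection) are assumed to have been run with nmap and saved as XML, and the script turns that XML into the host inventory the scanning phase needs. The nmap command lines in the docstring and the XML sample are assumptions and constructed data, not a real scan.

```python
"""Turn the output of the information-gathering phase (nmap XML) into a host
inventory for the vulnerability-scanning phase.

Added example, not spriteCloud's tooling. It assumes the sub-steps were run
with nmap and saved as XML, for instance:
  nmap -sn -oX alive.xml 10.0.0.0/24                 # alive hosts
  nmap -sS -p- -sV -O --reason -oX scan.xml <hosts>  # ports, service and OS detection
  nmap -sA -oX fw.xml <hosts>                        # ACK scan to map firewall filtering
The XML below is constructed to match nmap's output format; it is not a real scan.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -p- -sV -O --reason -oX scan.xml 10.0.0.0/29">
<host><status state="up" reason="syn-ack"/>
<address addr="10.0.0.5" addrtype="ipv4"/>
<hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
<ports><extraports state="closed" count="65532"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.18.0" tunnel="ssl" method="probed" conf="10"/></port>
<port protocol="tcp" portid="3306"><state state="filtered" reason="no-response"/>
<service name="mysql" method="table" conf="3"/></port>
</ports>
<os><osmatch name="Linux 5.4 - 5.15" accuracy="94"/></os>
</host>
<host><status state="up" reason="echo-reply"/>
<address addr="10.0.0.6" addrtype="ipv4"/>
<ports><extraports state="filtered" count="65535"/></ports>
</host>
<host><status state="down" reason="no-response"/>
<address addr="10.0.0.7" addrtype="ipv4"/>
</host>
</nmaprun>
"""


def parse_nmap(xml_text: str) -> list:
    """One record per live host: open ports with detected services, filtered
    ports (a firewall indicator), and the best OS guess."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue                      # dead hosts carry nothing to scan
        hostname = h.find("hostnames/hostname")
        rec = {
            "ip": h.find("address").get("addr"),
            "hostname": hostname.get("name") if hostname is not None else None,
            "open": [], "filtered": [], "os": None, "firewalled": False,
        }
        # nmap folds the bulk of ports into <extraports>; 'filtered' there means
        # probes were silently dropped, the classic signature of a firewall.
        extra = h.find("ports/extraports")
        if extra is not None and extra.get("state") == "filtered":
            rec["firewalled"] = True
        for p in h.findall("ports/port"):
            state = p.find("state").get("state")
            entry = {"proto": p.get("protocol"), "port": int(p.get("portid"))}
            if state == "open":
                svc = p.find("service")
                # method="probed" means -sV actually talked to the service;
                # method="table" is only a guess from the port number.
                entry["probed"] = svc is not None and svc.get("method") == "probed"
                entry["service"] = None
                if svc is not None:
                    entry["service"] = " ".join(
                        x for x in (svc.get("name"), svc.get("product"), svc.get("version")) if x)
                rec["open"].append(entry)
            elif state == "filtered":
                rec["filtered"].append(entry)
                rec["firewalled"] = True
        osm = h.find("os/osmatch")
        if osm is not None:
            rec["os"] = (osm.get("name"), int(osm.get("accuracy")))
        hosts.append(rec)
    return hosts


def vuln_scan_targets(hosts: list) -> list:
    """Input for the scanning phase: hosts with at least one reachable service.
    A host that answers ping but filters every port is reported as firewalled
    from the scan position rather than fed to Nessus/OpenVAS."""
    return [h["ip"] for h in hosts if h["open"]]


if __name__ == "__main__":
    inventory = parse_nmap(SAMPLE_NMAP_XML)
    for h in inventory:
        print(h["ip"], h["hostname"] or "-", "firewalled" if h["firewalled"] else "unfiltered",
              h["os"][0] if h["os"] else "os unknown")
        for e in h["open"]:
            print(f"  {e['proto']}/{e['port']:<6} {e['service']}{'' if e['probed'] else ' (guessed)'}")
    print("scan targets:", vuln_scan_targets(inventory))
```

Two details matter for the later phases: a host that is up but fully filtered (10.0.0.6 in the sample) tells you about the firewall, not about the host, so it belongs in the report rather than in the scanner queue; and a service name on a port nmap never probed is a lookup from its port table, not a detection, so the version-based checks in the scanning phase should not be trusted for it.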