Technical Vulnerability Assessment

Fingerprint Icon

Understand your organisation's technical vulnerabilities.

Technical Vulnerability assessment covers a broad range of activities which are intended to determine the degree to which an organisation, system, or information asset is exposed to potential compromise, the impact of such a compromise, and the likelihood of it occurring, through primarily technical means.

Technical vulnerability assessment feeds into risk management by providing objective information that can be used to determine organisational impact, and absolute risk level.

Similarly, it is not a replacement for penetration testing, but could be considered as more of a supportive or adjunctive service; providing additional information to better scope or interpret the results from penetration testing activities.

There are different types of technical vulnerability assessment activity, and a wide range of approaches that can be taken. These should be driven primarily by internal risk management and security strategy.

Fingerprint Icon

Build Review

This service makes use of automated tools and manual inspection, and requires a high level of understanding of the client’s intended use of the system. The exact process depends on the system or component being assessed, the environment in which it is to operate, and the organisation’s appetite for technical risk, however, it will typically involve the following: Define Goals – Understand the purpose of the system being assessed, and any standards against which it will be measured.

Learn More
Fingerprint Icon

Firewall Rule Audit

This service makes use of automated tools and manual inspection, and requires a high level of understanding of the client’s business model and typical Internet use. The exact process depends on the network and device being assessed, the environment in which it is to operate, and the types of network activity generally permitted, however, it will typically involve the following: Define Goals – Understand the purpose to which the firewall will be put, any additional measures it will be supported by (e.

Learn More
Fingerprint Icon

Internet and Social Media Profile

Most organisations will have at least one website, with publically accessible domain registration information, multiple employees’ social media profiles providing an insight into the organisational structure, and a plethora of clues about internal activities that individually are of little value, but in aggregate can lead to compromise of sensitive information. The team will utilise a combination of techniques to map out likely pathways an attacker might take to gain unauthorised access to an organisation’s information or systems.

Learn More
Fingerprint Icon

Vulnerability Scanning

Using both commercial and open-source automated scanning tools, the team can quickly identify and prioritise technical vulnerabilities that may lead to system compromise, or indicate underlying configuration errors. This type of activity is relatively quick and can be very cost-effective, however, it is also prone to both false positives and false negatives, as it relies on both the effectiveness of the automated scanning solution, and the reliability of the end-to-end communication between the scanner and the target at the time the scan takes place.

Learn More