Security Vulnerability Assessment Service

A security vulnerability assessment is a methodical process of identifying the weaknesses (or security vulnerabilities) associated with the systems that process your business information assets. Findings are categorised according to their level of potential risk to the system and used to construct a remediation roadmap. A security and vulnerability assessment can be conducted on either a network or application-level and is a critical component of a business’ cyber risk reduction strategy. Reducing security vulnerabilities in your systems reduces their “attack surface” and minimises your chances of a breach.

Risk Crew provides security vulnerability assessments of:

  • Interior-facing networks
  • Exterior-facing networks
  • Web applications
  • Application programming interfaces (API)
  • Hosting platforms
  • Mobile applications

Additionally, Risk Crew provides a vulnerability assessment as required for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS).

The Risk Crew security vulnerability assessment process shall be executed in the following 5 phases:

01 | Planning

Confirming test scope, target IPs, URLs, APIs and specific locations of business information assets, compliance requirements, testing times, points of contact and rules of engagement.

02 | Scanning

Identifying vulnerabilities associated with targets, all the devices associated with the target network and associated hardware, operating systems and software security vulnerabilities related with these devices.

03 | Analysis

Determining false-positives and confirming risk-levels associated with identified vulnerabilities.

04 | Reporting

Documenting findings and specific step-by-step remedial recommendations.

05 | Retesting

Verifying vulnerabilities identified during testing were appropriately remediated.

Exploiting Vulnerability Executing and Granted Access - Security Vulnerability Testing

Features and Components

Our assessments are conducted using best practice methods that utilise both manual and automated tools to authenticate the effectiveness of present security controls.

Methodology

Risk Crew's assessment methodology is based upon best practices established and defined by ISECOM's Open Source Security Testing Methodology Manual (OSSTMM) and Open Web Application Security Project (OWASP) Cloud Security Project guidelines.

Tools & Techniques

Our experts use both automated tools and manual techniques to identify security vulnerabilities that threaten theintegrity of your systems. These may be configuration flaws, excess builds, missing security patches, updates or fixes or programming errors on internet-facing systems.

Examination

Additionally, our experts will examine how your servers appear to users on the internet and pinpoint where information is exposed, which could be exploited by attackers.

Risk Crew Deliverables

Risk Crew’s service provides a comprehensive report that details security vulnerabilities identified and specific actions for remediation, a courtesy workshop and on-call assistance.

Detailed Report

The report details specific vulnerabilities identified on the platform, how they were identified, methods and tools used to identify them and visual evidence if applicable. The report shall indicate a security vulnerability risk rating for risk reduction references.

Stakeholder Workshop

The report is presented in a workshop with applicable business stakeholders to ensure their understanding of the findings and the risks associated with hosting the business information assets on the platform.

On-call Advice Assistance

We provide advice and assistance for 30 days following the report submittal and answer any questions that arise from implementing remedial actions and ensuring risk reduction.

Retesting Included

We offer retesting to verify remedial actions were effective. Upon completion, we’ll provide you with a summary report verifying remedial measures have been implemented.

Transparent Pricing

Our fixed pricing services come with no unexpected added costs. Additionally, we offer a managed service to conduct penetration testing on a continual basis.

Customer Promise

Risk Crew provides an unparalleled penetration testing solution covered by a 100% satisfaction guarantee.

Security Vunerability Assessment Benefits

The Risk Crew Security Vulnerability Assessment Service cost-effectively identifies the weaknesses associated with your systems for you to remediate and reduce the attack surface associated with your systems. Our security vulnerability assessment service includes:

✓Identifies weaknesses, remediates and reduces the attack surface associated with your systems.

✓Assesses and confirms the security integrity of critical applications and services.

✓Maintains the performance and availability of your customer systems and services.

✓Enables better response to security incidents - minimising any impact.

✓Demonstrates compliance with legal and regulatory obligations.

✓Regular vulnerability testing helps identity, minimise and manage the risk of a security breach.

✓Finds and plugs the security holes before they are discovered and exploited.

✓Gives a realistic view of your cyber security profile including what systems are specifically more vulnerable than others.

Why Choose Risk Crew

Our experienced security engineers implement detailed methodologies using proprietary and open-source tools, ensuring they can effectively assess your businesses capabilities to detect and mitigate attacks. All security testingengineers are thoroughly vetted and subject to in-depth and on-going professional, criminal and credit records checks.

When you choose Risk Crew, you’re electing to work with qualified experts.

Best Practice

Risk Crew follows best practices including OWASP and NIST

Accredited

Engineers carry CREST, C√SS, C│EH and GIAC credentials

Certified

Engineers hold CISSP, CISM and CRISC certifications

Subject Matter Experts

Risk Crew engineers are SMEs with published articles in industry journals & magazines

Let Risk Crew help your organisation to identify, minimise and manage the risk of a breach with a vulnerability assessment.

Frequently Asked Questions

Best practice is to conduct a security vulnerability assessment quarterly (once every three months) and/or after any significant change to the system.

A security vulnerability assessment most commonly identifies overlooked configuration flaws, excess builds, missing security patches and updates or fixes or programming errors that could be exploited.

A vulnerability assessment identifies security weaknesses associated with the target systems but does not attempt to exploit those weaknesses. Penetration testing entails identifying security vulnerabilities associated with the target system AND attempting to exploit them for unauthorised access.

Compliance to the Payment Card Industry (PCI), Data Security Standards (DSS) is required for business systems that process, store or transmit cardholder data (and any business systems that are connected to systems that process, store or transmit cardholder data). Vulnerability scanning must be done with an Approved Scanning Vendor (ASV) technology on all components of a card data environment quarterly. If this requirement applies to your business, ensure your vendor uses ASV technology in conducting these scans.

Request a Quote

Our experts will contact you to discuss your specific requirements

You may also be interested in:

[cf-secondary-nav-link href="https://www.riskcrew.com/security-testing/red-team-testing/" text="Red Team Testing"] [cf-secondary-nav-link href="https://www.riskcrew.com/security-testing/network-penetration-testing/" text="Network Security Penetration Testing"] [cf-secondary-nav-link href="https://www.riskcrew.com/security-testing/web-application-security-testing-consultants/" text="Web Application Security Testing"] [cf-secondary-nav-link href="https://www.riskcrew.com/security-testing/apt-testing-consultants/" text="APT Attack Testing"] [cf-secondary-nav-link href="https://www.riskcrew.com/security-testing/" text="See all Security Penetration Testing Services"]