Contact

Send a message

Contact Us

Contact details

Social media

Twitter Follow Us
LinkedIn Connect with Risk Crew
Youtube Watch our videos

Security Vulnerability Assessment

A cost-effective assessment to identify security weaknesses

Request a quote

Reveal Hidden Risks Before Attackers Do

Risk Crew’s Security Vulnerability Assessment

Uncovers and prioritises weaknesses in your digital environment, delivering a clear roadmap to reduce risk and strengthen defences.

Whether at the network or application level, it’s a critical step in reducing your attack surface and preventing breaches.

Risk Crew provides security vulnerability assessments of:

  • Interior-facing networks
  • Exterior-facing networks
  • Web applications
  • Application programming interfaces (API)
  • Hosting platforms
  • Mobile applications

Risk Crew's 5 Phase Methodology

Confirming test scope, target IPs, URLs, APIs and specific locations of business information assets, compliance requirements, testing times, points of contact and rules of engagement.

Identifying vulnerabilities associated with targets, all the devices associated with the target network and associated hardware, operating systems and software security vulnerabilities related with these devices.

Determining false-positives and confirming risk-levels associated with identified vulnerabilities.

Documenting findings and specific step-by-step remedial recommendations.

Verifying vulnerabilities identified during testing were appropriately remediated.

Features and Components

Our assessments are conducted using best practice methods that utilise both manual and automated tools to authenticate the effectiveness of present security controls.

Methodology
Risk Crew's assessment methodology is based upon best practices established and defined by ISECOM's Open Source Security Testing Methodology Manual (OSSTMM) and Open Web Application Security Project (OWASP) Cloud Security Project guidelines.

Tools & Techniques
Our experts use both automated tools and manual techniques to identify security vulnerabilities that threaten the integrity of your systems. These may be configuration flaws, excess builds, missing security patches, updates or fixes or programming errors on internet-facing systems.

Examination
Additionally, our experts will examine how your servers appear to users on the internet and pinpoint where information is exposed, which could be exploited by attackers.

Risk Crew Deliverables

Risk Crew’s service provides a comprehensive report that details security vulnerabilities identified and specific actions for remediation, a courtesy workshop and on-call assistance.

 

Detailed Report

The report details specific vulnerabilities identified on the platform, how they were identified, methods and tools used to identify them and visual evidence if applicable. The report shall indicate a security vulnerability risk rating for risk reduction references.

 

Stakeholder Workshop

The report is presented in a workshop with applicable business stakeholders to ensure their understanding of the findings and the risks associated with hosting the business information assets on the platform.

 

On-call Advice Assistance

We provide advice and assistance for 30 days following the report submittal and answer any questions that arise from implementing remedial actions and ensuring risk reduction.

 

Retesting Included

We offer retesting to verify remedial actions were effective. Upon completion, we’ll provide you with a summary report verifying remedial measures have been implemented.

 

Transparent Pricing

Our fixed pricing services come with no unexpected added costs. Additionally, we offer a managed service to conduct penetration testing on a continual basis.

 

Customer Promise

Risk Crew provides an unparalleled penetration testing solution covered by a 100% satisfaction guarantee.

Security Vulnerability Assessment Benefits
The Risk Crew Security Vulnerability Assessment Service cost-effectively identifies the weaknesses associated with your systems for you to remediate and reduce the attack surface associated with your systems. Our security vulnerability assessment service includes:
Identifies weaknesses, remediates and reduces the attack surface associated with your systems.
Maintains the performance and availability of your customer systems and services.
Demonstrates compliance with legal and regulatory obligations.
Finds and plugs the security holes before they are discovered and exploited.
Assesses and confirms the security integrity of critical applications and services.
Enables better response to security incidents - minimising any impact.
Regular vulnerability testing helps identity, minimise and manage the risk of a security breach.
Gives a realistic view of your cyber security profile including what systems are specifically more vulnerable than others.

Why Choose Risk Crew

Best Practice Risk Crew follows best practices including OWASP and NIST
Accredited & Certified Engineers carry CREST, C√SS, C│EH and GIAC credentials and hold CISSP, CISM and CRISC certifications
Subject Matter Experts Risk Crew engineers are SMEs with published articles in industry journals & magazines

FAQs

Best practice is to conduct a security vulnerability assessment quarterly (once every three months) and/or after any significant change to the system.

A security vulnerability assessment most commonly identifies overlooked configuration flaws, excess builds, missing security patches and updates or fixes or programming errors that could be exploited.

A vulnerability assessment identifies security weaknesses associated with the target systems but does not attempt to exploit those weaknesses. Penetration testing entails identifying security vulnerabilities associated with the target system AND attempting to exploit them for unauthorised access.

Compliance to the Payment Card Industry (PCI), Data Security Standards (DSS) is required for business systems that process, store or transmit cardholder data (and any business systems that are connected to systems that process, store or transmit cardholder data). Vulnerability scanning must be done with an Approved Scanning Vendor (ASV) technology on all components of a card data environment quarterly. If this requirement applies to your business, ensure your vendor uses ASV technology in conducting these scans.

Request a Quote

Let Risk Crew help your organisation to identify, minimise and manage the risk of a breach with a vulnerability assessment.

Contact Us