Italiano
  • English
  • Info:
    +39 080 5442048

    SER&Practices

    Vulnerability Assessment & Penetration Test

    Security

    VA-PT

    Vulnerability Assessment (VA) is the process of measuring and prioritizing risks associated with IT infrastructure to enable rational planning of technologies and activities that manage corporate risks.

    The Vulnerability Assessment takes a snapshot of the infrastructure and checks for any gaps in its configuration, allowing an evaluation of the state of security systems implemented on corporate networks, machines, or applications, where present, with the aim of detecting any protection deficiencies compared to known lists of technological vulnerabilities.

    Assessments are conducted using scanning tools, which provide configurable detection depth and granularity, based on the needs of the computer system under analysis. Vulnerability assessment tools allow for the customization of security policy, automated vulnerability analysis, and the creation of reports that effectively communicate security vulnerability findings and corrective actions to all levels of an organization.

    The main objectives of a Vulnerability Assessment are:

    Typically, a distinction is made between:

    • Network-based VA. Assessments carried out using network scanners. Network scanners can detect open ports, identify services running on these ports, and reveal any vulnerabilities associated with these services.
    • Host-based VA. Assessments performed using scanners resident on hosts or scanners with the ability to remotely access the same hosts. Host-based scanners can recognize system-level vulnerabilities including incorrect permissions on files, directories, and system registry, as well as software configuration errors. This type of assessment also ensures that systems comply with predefined corporate security policies. Unlike network-based scanners, it requires an administrator account or agent to be present on the target system to allow access with the necessary privileges.

    Vulnerability Assessment may involve a subsequent phase of Penetration Testing (PT) and Risk Assessment.

    Technology

    Nessus
    Nessus
    Rapid7 Nexpose
    Rapid7 Nexpose
    OpenVAS
    OpenVAS
    Burp Suite
    Burp Suite
    Metasploit
    Metasploit
    SQLmap
    SQLmap
    OSWAP ZAP
    OSWAP ZAP
    Wireshark
    Wireshark
    Aircrack-NG
    Aircrack-NG