Security assessments

Security assessments allow you to gauge the state of your IT security using various activities. We advise different types of assessments depending on the desired insights as well as the maturity level.

Vulnerability Assessments and Penetration Testing (a.k.a. pentesting) (VAPT) are two types and their definitions are often used interchangeably. However, there is a distinct difference. The focus of a pentest lies on depth, usually combined with a specific security concern formulated in research question. A vulnerability assessment however, evaluates the assets in scope on the presence of vulnerabilities and weaknesses in a broader sense.

Regardless of your maturity level or security concerns, a suitable assessment to evaluate the resilience of your organization is always available. You can use the outcome to efficiently increase the security posture of your organization.

Questions or request a quote?
Vulnerability assessments

Vulnerability assessments

A vulnerability assessment provides you with a detailed overview of vulnerabilities.

More info
Red vs. Blue

Red team engagements

Is your organization (blue team) ready for a red team engagement?

More info
Penetration testing

Penetration testing

A pentest is an assessment type that is usually centered around a research question.

More info

Security assessment types

The characteristics/differences of common types of security assessments are outlined below. The appropriate type mostly depends on the security maturity level and the desired insight.

ThreatLabs offers tailored advice around this topic.

Vulnerability scan Vulnerability assessment Pentest Source code review Red teaming
Identification Automated Manual Manual Manual Manual
False positives
Lateral movement
Focus Breadth Breadth over depth Depth over breadth Thorough Depth (business processes)


ThreatLabs' standard approach is based on the Penetration Testing Execution Standard (PTES). To support this process, we developed our optional PTaaS portal.


We are happy to help your organization find a solution for an IT security issue within our field. This can be in project or program form. For example, to technically support your Security Officers. With their broad knowledge and experience in various sectors, our consultants are well equipped.

Discuss the possibilities together?