Vulnerability assessment

A vulnerability assessment provides you with a detailed overview of the vulnerabilities present within your environment or application.

The vulnerabilities identified are evaluated and classified based on their impact on information security assurance (i.e., confidentiality, integrity and availability). These results are subsequently used to provide solutions and/or remediations, as well as recommendations at a strategic level. These are comprehensive and actionable recommendations to increase security posture and resilience.


Examples of common scope objects:

Websites and web applications offer more and increasingly complex functionalities, making them an integral part of our daily activities and business-critical processes. As a result, vulnerabilities (e.g., business-logic errors) can impact your business operations.

Whether your application is developed in-house, is an (on-prem) commercial product, or is a Software as a Service (SaaS) application, we will help you identify any vulnerabilities and areas for improvement. Our approach is based on several standards, including the OWASP ASVS, and includes the current OWASP Top 10, but is by no means limited to the aforementioned.

Application Programming Interfaces (APIs) standardize communication between different (software) systems. APIs are increasingly used in combination with (web) applications and mostly use the same techniques (e.g., HTTPS), so the test approach for APIs is somewhat similar to that of web applications. However, the exact testing activities differ depending on the techniques used (such as REST, SOAP, etc.).

Traditional applications are executed locally on a system (e.g., a workstation). Often there is a client-server architecture, with central data storage provided by the server component. Depending on the specific application and setup, various aspects such as authentication, security of communication channels, and local rights are reviewed.

Mobile applications are available for different platforms (e.g., iOS and Android) and in several variants (native and/or hybrid), often with a central API component. A security assessment of a mobile application reviews the security measures in the application itself, but also, for example, rights on the underlying (mobile) operating system and communication with the API.

During a vulnerability assessment against (part of) your organization's internal and/or external IT infrastructure, we look for potential vulnerabilities and areas for improvement from a network perspective. The identified vulnerabilities are not exploited to penetrate (further into) your infrastructure, as would be the case with a pentest. The results provide insight into the state of your patch management and configuration hardening.

A workstation today is mostly flexible, mobile, and sometimes not even company-owned (BYOD). The security of your organization is therefore partially in the hands of your employees. This makes it important that workstations (e.g., notebook, desktop) are set up in such a way that they optimally support your employees in their work with minimal impact on the resilience of your organization. If you are wondering how effectively your employees' workstations are secured, a security assessment offers insight.

Various elements of your infrastructure can be placed in the cloud, and this can offer benefits such as scalability. However, the use of cloud services is not entirely without risk and therefore requires attention to the security of the setup and usage. Is (part of) your infrastructure located in the cloud, and would you like to know if the security is effective, or where you can make improvements? Our consultants are here to support you!