The problem
Due to the increasing size, complexity and diversity of systems, maintaining an effective information security system is a difficult task. New vulnerabilities can be introduced by misconfiguration, human error, or hardware or software flaws in new installations.
A vulnerability assessment should be performed on an organization's information system so the organization's risk can be properly assessed.
The service
Vulnerability scanning consists of a series of tests with various vulnerability scanning tools. Results are then manually sorted, examined and filtered so that a proper assessment of the tested system can be made.
Because the identified vulnerabilities cannot be confirmed, vulnerability scan results are usually less reliable than those obtained by penetration testing. For this reason, INFIGO IS recommends that vulnerability scanning be conducted against less significant business systems and client workstations, while penetration testing is more suitable for critical servers and applications.
The benefit
Vulnerability scanning provides an organization with a list of all identified vulnerabilities with a corresponding description and risk level. This allows the organization to assess the overall risk of its information system.
INFIGO IS recommends that vulnerability scans be conducted regularly so that new vulnerabilities can be identified in a timely manner. For business-critical servers and applications, penetration testing is more appropriate.

