Where a penetration test is an exercise focused on emulating a specific threat actor, a vulnerability assessment does not emulate a hacker’s tactics or techniques, and seeks to identify potential vulnerabilities through vulnerability scanning.
Vulnerability assessments are a useful tool to periodically check for the existence of vulnerabilities at a cheaper price point than a full penetration test. They can be performed much quicker that a penetration test.
Shorebreak Security’s vulnerability assessment methodology is much more than simply running a vulnerability scanning tool and reporting the results. We validate the existence of vulnerabilities by determining if they are exploitable, eliminating false positives and producing a more accurate report.
A typical customer engagement to meet cyber security insurance requirements are quarterly vulnerability assessments and an annual penetration test.
The product of a vulnerability assessment is a “clean” vulnerability assessment report, and includes validation of remediation vulnerabilities.
Contact us today to discuss your vulnerability assessment requirements.