A Vulnerability Assessment is a method of evaluating the security posture of a system through the identification of vulnerabilities that have the potential for negative impact. Vulnerabilities are then documented and given risk ratings based on an industry-standard risk rating system. This service does not involve exploitation of the identified vulnerabilities, as is present with Penetration Testing.
The overall goal of a Vulnerability Assessment is to identify vulnerabilities, document them, apply risk ratings and formally document the results in a report combined with appropriate recommendations for remediation.
Information gathering via public websites, ARIN, job boards, domain lookup tools, etc
Active Scanning using networking/application mapping tools and manual processes
Enumeration of live devices searching for vulnerable services and mis-configurations
Documentation of vulnerabilities and best-practice steps for remediation
Report findings, evidence, recommendation, tools and methodology
A comprehensive report detailing the findings, risk ratings, recommendations, methodology, tools, evidence and screen-shots will be provided.