

Vulnerability Assessment
Nullforge offers this service as a standalone assessment or as a supplement after a penetration test engagement. This phase of security implementation ensures that all common exposures are identified. Our team performs the assessment on a secure public server with industry-leading security assessment tools. During the reporting process, we ensure all false-positive findings are eliminated.


Difference between Pentest & VA?

Penetration testing and vulnerability assessment often get mixed up. To give a clearer view, a vulnerability assessment mainly enumerates all common security exposures and prioritizes the risk, without attempting to exploit them. A typical vulnerability assessment relies heavily on automated scanning tools such as Acunetix, Netsparker, WebInspect, or a combination of industry-recommended tools. The Nullforge team validates all automated findings to eliminate false positives.


How Often do you need Vulnerability Assessment?

Frequent vulnerability assessments are always advised, but the right frequency depends on your organizational requirements or the nature of your business. The goal is ultimately to help you achieve a good security posture and protect your assets and reputation. The sooner a vulnerability assessment is conducted, the smaller the window of opportunity for attackers to leverage both known and unknown vulnerabilities in your organization. This makes vulnerability assessments crucial for any organization. Nullforge can offer you an extensive and flexible approach depending on your needs.


Our Approach



System Discovery - Identifies servers, appliances and other devices on the network.

Service Discovery - Identifies the open ports and services available on each discovered system, such as mail and web servers.

Vulnerability Detection - Performs tests based on the OS, protocol and application fingerprinting data gathered in the discovery phase.

Vulnerability Classification - Scores, ranks and identifies vulnerabilities using the Common Vulnerabilities and Exposures (CVE) dictionary.


Vulnerability Statistics

Statistics by: Acunetix

By Web Vulnerability based on severity rating

Code Execution

SQL Injection
File Inclusion
Cross-site Scripting

By Paradigm

Web Application
Network perimeter