Vulnerability Assessment & Penetration Test

Nullforge offers a standalone vulnerability assessment or as a supplement after a penetration test engagement. With Penetration Test high security maturity can be verified by Nullforge by employing a mixed type of attack scenarios with industry-recommended tools to test the effectiveness of your security.

Difference between Pentest & VA?

Often times penetration testing and vulnerability assessment gets mixed up. To give a clearer view a vulnerability assessment is mainly to enumerate all common security exposures without attempting to exploit it and prioritize the risk, a typical vulnerability assessment relies heavily on automated scanning tools such as Acunetix, Netsparker, Web Inspect or combination of industry recommended tools. Nullforge team ensures that we validate all automated findings to eliminate false-positive findings.

VA Approach

System Discovery - Identifies servers, appliances and other devices on the network.

Service Discovery - Identifies the open ports and services available on each discovered system, such as mail and web servers.

Vulnerability Detection - Performs tests based on the OS, protocol and application fingerprinting data gathered in the discovery phase.

Vulnerability Classification - Scores, ranks and identifies vulnerabilities using the Common Vulnerabilities and Exposures (CVE) dictionary.