500+ customers place their trust in us – from startups to large companies
Application area
Find critical vulnerabilities in your systems before attackers do and exploit them. Identify shadow IT and unwanted services in your network.
Objectives
Identifying which systems and services are actually present and accessible, and which areas were forgotten in patch management and hardening.
Result
A meaningful assessment of the security level of the systems and services in scope with a detailed report on vulnerabilities, including recommendations for action.
How does your general security level look through the eyes of hackers and what "low hanging fruits" might they find?
A vulnerability scan always aims to identify all security-relevant vulnerabilities in a group of assets in order to assess the security level.
To increase efficiency and cover large infrastructures, we rely on state-of-the-art automated tools that are operated and evaluated by experts. We complement the result with targeted, advanced manual checks and also identify organizational flaws.
As a result, you receive a test report describing all identified vulnerabilities, assessing their risk, making useful recommendations, proposing prioritization and summarizing them in a management summary.
Regularly performed vulnerability scans help you maintaining the security level in the long term and provide an effectiveness check of your ISMS, as well as obtaining security KPIs.
Vulnerability scans are also a good entry point into the topic of security, as they can be implemented cost-effectively and efficiently, but still provide a well-founded indication of the current security level. Based on the results, you can plan further targeted assessments or initiate appropriate measures.
Characteristics
External attack surface analysis
As part of an attack surface analysis, we identify security-relevant vulnerabilities and areas for optimization in the publicly accessible infrastructure in order to assess the level of security. This is often also called an external infrastructure penetration test.
In the first step, we gather threat intelligence from common OSINT sources. The goal is to identify what all is part of your perimeter, match that to the scope and adjust it if necessary, and to know what third parties can determine about your infrastructure without further prior knowledge.
In the second step, the systems in scope are actively examined to identify active reachable services and to check their configuration. However, in contrast to red teaming, we do not exploit any vulnerabilities identified during this process; instead, we note them in the report and continue identifying additional vulnerabilities.
An attack surface analysis includes the following steps:
Preparation
- Coordination of the scope and the depth of testing
- Kick-off meeting
Execution
- Collection of threat intelligence (OSINT) to identify assets
- Automated scans for vulnerabilities
- Manual analysis and hacking
Evaluation
- Creation of a detailed report
Methodologically, we follow proven guidelines when performing attack surface analyses:
In terms of content, we are mainly guided by established standards:
- CIS Benchmarks (Review of configurations)
- IT-Grundschutz (Review of configurations)
- ISO/IEC 27001:2013 (for technical audits)
If necessary or useful, we extend these with standards from the OWASP project:
- Application Security Verification Standard (ASVS)
- Web Security Testing Guide
- Mobile Security Testing Guide
- OWASP Top Ten Projects, e.g. for Web Applications
In addition, we draw on our HvS vulnerability database, which is regularly fed with new attack vectors and test cases through our incident response and threat intelligence activities.
Internal vulnerability scans
An internal vulnerability scan identifies security-relevant weaknesses and areas for optimization in selected areas of the internal infrastructure, evaluates the current level of security, and provides concrete recommendations for improvement.
In such an assessment, we identify all assets in the internal network so that you can subsequently check your CMDB or asset management for completeness.
And we identify the most critical vulnerabilities and misconfigurations in your network that are frequently exploited by attackers, for example to gather information, escalate privileges or execute commands on other systems (remote code execution). It is this evaluation and prioritization by our experts that delivers significantly more benefits than just the technical result of the automated scan, as ransomware groups and other attackers will no longer have an easy time after implementing our recommendations and may look for other victims.
We usually perform internal vulnerability scans with a whitebox approach, i.e. with administrative rights for full transparency.
An internal vulnerability scan includes the following steps:
Preparation
- Coordination of the scope and the parameter
- Kick-off meeting
Execution
- Automated scans for vulnerabilities
Evaluation
- Preparation of a summary report
- Remediation action plan
Methodologically, we follow proven guidelines when performing attack surface analyses:
In terms of content, we are mainly guided by established standards:
- CIS Benchmarks (Review of configurations)
- IT-Grundschutz (Review of configurations)
- ISO/IEC 27001:2013 (for technical audits)
If necessary or useful, we extend these with standards from the OWASP project:
- Application Security Verification Standard (ASVS)
- Web Security Testing Guide
- Mobile Security Testing Guide
- OWASP Top Ten Projects, e.g. for Web Applications
In addition, we draw on our HvS vulnerability database, which is regularly fed with new attack vectors and test cases through our incident response and threat intelligence activities.
Ready for a vulnerability scan?
Let's agree on the scope, clarify the commercial aspects and convince you of our skills.
More HvS security assessments
Test your IT security with a security stress test! Find out how quickly attackers can infiltrate your network and what damage an attack could cause.
Check your IT security with a penetration test! Identify vulnerabilities in apps and systems before go-live or rollout and receive a detailed security assessment.
How well can you detect and defend against real cyber threats? Our Red Teaming Assessment simulates attacks to uncover vulnerabilities and improve detection.
The training camp for incident response teams. How quickly does your Blue Team recognize attacks? Is the severity correctly assessed and how long does it take to successfully defend against them? Send your team to training camp!
Professional industrial espionage often involves physical attacks or insider attacks (social engineering), even if the target is in cyberspace. Our social engineering assessments protect your company from social engineering attacks.
The cloud - whether IaaS, PaaS or SaaS - can be secure if it is planned and configured correctly. We help you to ensure this! Arrange a cloud assessment appointment with us today.