Vulnerability scans
Which systems and services are accessible at your perimeter? Do these even attract attackers? Which level of basic security does your internal infrastructure have? An examination of the attack surface answers these questions!
The benefits of vulnerability scans
How does your general security level look through the eyes of hackers and what "low hanging fruits" might they find?
A vulnerability scan always aims to identify all security-relevant vulnerabilities in a group of assets in order to assess the security level.
To increase efficiency and cover large infrastructures, we rely on state-of-the-art automated tools that are operated and evaluated by experts. We complement the result with targeted, advanced manual checks and also identify organizational flaws.
As a result, you receive a test report describing all identified vulnerabilities, assessing their risk, making useful recommendations, proposing prioritization and summarizing them in a management summary.
Regularly performed vulnerability scans help you maintaining the security level in the long term and provide an effectiveness check of your ISMS, as well as obtaining security KPIs.
Vulnerability scans are also a good entry point into the topic of security, as they can be implemented cost-effectively and efficiently, but still provide a well-founded indication of the current security level. Based on the results, you can plan further targeted assessments or initiate appropriate measures.
Characteristics
As part of an attack surface analysis, we identify security-relevant vulnerabilities and areas for optimization in the publicly accessible infrastructure in order to assess the level of security. This is often also called an external infrastructure penetration test.
In the first step, we gather threat intelligence from common OSINT sources. The goal is to identify what all is part of your perimeter, match that to the scope and adjust it if necessary, and to know what third parties can determine about your infrastructure without further prior knowledge.
In the second step, the systems in scope are actively examined to identify active reachable services and to check their configuration. However, in contrast to red teaming, we do not exploit any vulnerabilities identified during this process; instead, we note them in the report and continue identifying additional vulnerabilities.
An attack surface analysis includes the following steps:
Preparation
- Coordination of the scope and the depth of testing
- Kick-off meeting
Execution
- Collection of threat intelligence (OSINT) to identify assets
- Automated scans for vulnerabilities
- Manual analysis and hacking
Evaluation
- Creation of a detailed report
Methodologically, we follow proven guidelines when performing attack surface analyses:
In terms of content, we are mainly guided by established standards:
- CIS Benchmarks (Review of configurations)
- IT-Grundschutz (Review of configurations)
- ISO/IEC 27001:2013 (for technical audits)
If necessary or useful, we extend these with standards from the OWASP project:
- Application Security Verification Standard (ASVS)
- Web Security Testing Guide
- Mobile Security Testing Guide
- OWASP Top Ten Projects, e.g. for Web Applications
In addition, we draw on our HvS vulnerability database, which is regularly fed with new attack vectors and test cases through our incident response and threat intelligence activities.
An internal vulnerability scan identifies security-relevant weaknesses and areas for optimization in selected areas of the internal infrastructure, evaluates the current level of security, and provides concrete recommendations for improvement.
In such an assessment, we identify all assets in the internal network so that you can subsequently check your CMDB or asset management for completeness.
And we identify the most critical vulnerabilities and misconfigurations in your network that are frequently exploited by attackers, for example to gather information, escalate privileges or execute commands on other systems (remote code execution). It is this evaluation and prioritization by our experts that delivers significantly more benefits than just the technical result of the automated scan, as ransomware groups and other attackers will no longer have an easy time after implementing our recommendations and may look for other victims.
We usually perform internal vulnerability scans with a whitebox approach, i.e. with administrative rights for full transparency.
An internal vulnerability scan includes the following steps:
Preparation
- Coordination of the scope and the parameter
- Kick-off meeting
Execution
- Automated scans for vulnerabilities
Evaluation
- Preparation of a summary report
- Remediation action plan
Methodologically, we follow proven guidelines when performing attack surface analyses:
In terms of content, we are mainly guided by established standards:
- CIS Benchmarks (Review of configurations)
- IT-Grundschutz (Review of configurations)
- ISO/IEC 27001:2013 (for technical audits)
If necessary or useful, we extend these with standards from the OWASP project:
- Application Security Verification Standard (ASVS)
- Web Security Testing Guide
- Mobile Security Testing Guide
- OWASP Top Ten Projects, e.g. for Web Applications
In addition, we draw on our HvS vulnerability database, which is regularly fed with new attack vectors and test cases through our incident response and threat intelligence activities.
