Vulnerability Assessment

Vulnerability assessment is used to identify, quantify, and analyze security vulnerabilities in the IT infrastructure and applications. Offering vulnerability assessment services since inception, Spartans uses reliable tools to scan vulnerabilities and provides accurate and in-depth final reports.

IT infrastructure:

Network: We assess the efficiency of your network segmentation, network access restriction, the ability to connect to the network remotely, and firewall implementation.

Email services: We evaluate the susceptibility to phishing attacks and spamming.

Applications:

Web applications: We assess the susceptibility of a web app to various attacks following the Open Web Application Security Project (OWASP) Top 10 Application Security Risks.

Mobile applications: We evaluate the security level of a mobile app following OWASP Top 10 Mobile Risks.

Desktop applications. We assess how data is stored in an app, how this app transfers information, whether any authentication is provided.

Assessment Methods We Apply

Our security testing team combines automated and manual approaches to take full advantage of the vulnerability assessment process.

Automated scanning

To start the vulnerability assessment process, Spartans security engineers use automated scanning tools the choice of which depends on each customer’s needs, requirements, and financial capabilities. These scanners have databases, which contain known technical vulnerabilities and allow detecting your company’s susceptibility to them. The main advantage of the automated approach is that it is not time-consuming and ensures wide coverage of security weaknesses possibly existing in a range of devices or hosts on the network.

Manual assessment

Spartan’s security testing team performs the manual tuning of the scanning tools, as well as subsequent manual validation of the scanning findings to eliminate false positives. Upon the completion of such a manual assessment performed by our specialists, you get reliable results containing only confirmed events.

Vulnerabilities Classification Techniques We Apply

When conducting vulnerability assessment, we divide the detected security weaknesses into groups according to their type, severity level, etc. following the classifications below.

    • Web Application Security Consortium (WASC) Threat Classification. 
    • Open Web Application Security Project (OWASP) Testing Guide. 
    • OWASP Top 10 Application Security Risks.
    • OWASP Top 10 Mobile Risks.
    • Common Vulnerability Scoring System (CVSS). 

Classifying vulnerabilities allows Spartan’s security engineers to prioritize the findings according to the impact they may have in case of exploitation and direct your attention to the most critical weaknesses that need to be eliminated on a first-priority basis to avoid financial and security risks. 

Let's start a project with Spartans

Trusted Software Outsourcing and Quality Assurance Service