Vulnerability Scans

Vulnerability Assessments

We offer CREST approved vulnerability assessment services for internal or external networks.

Vulnerability assessments are similar to penetration tests, but are mainly automated and aim to give you a high-level view of risks over a much larger area of your network, in a shorter amount of time.

We also offer fully automated monthly external vulnerability assessments as an interim scan between your manual penetration testing.

Vulnerability Assessments | Vulnerability Testing

Vulnerability assessments look for known vulnerabilities and report back potential exposures.  It is normally an automated scan using a commercial scanning engine tool.  It is different to a penetration test where a human tester uses a variety of different methods to try to exploit and verify any weaknesses. 

Vulnerability assessments are typically more frequently performed as an ongoing assessment against the environment. Typically external vulnerability assessments are performed monthly or quarterly in between any annual manual penetration testing to identify any potential changes to the environment such as missing patches, unsupported software or configuration weakness that may put the environment at risk and would go undetected until the next manual penetration test.

We can offer the following automated services:

Fully Automated Vulnerability Assessments

The scan and report is directly created from our scanning engine that is hosted on the Internet. There is no manual issue merging or review conducted with only the default scanning engine wording and risk level being output. There is no manual verification of false positives.

  • External vulnerability assessments (Unauthenticated)

CREST Approved Semi-Automated Vulnerability Assessments

The CREST approved scan is manually performed and created by a human consultant using the output and results from the scanning engine. The consultant will manual merge issues, review the output and create custom wording. They will also run some manual checks to reduce false positives.

  • External vulnerability assessments (Unauthenticated)
  • Internal vulnerability assessments (Unauthenticated and Authenticated)
  • Workstation and server patch checking sweeps (Authenticated)

Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTL’s) or CHECK Team Members (CTM’s) and are approved to conduct government CHECK testing.

Our team have many years experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.

Vulnerability Assessments | Vulnerability Testing
Accredited Company
Certified Testers
Security Cleared Staff
No Cancellation Fees

Service Comparison

The table below details the features of our two different levels of vulnerability assessment as well as a comparison to manual penetration testing.
 
  •    Features

  • Scan ScopeScans can be performed externally from the Internet only or internally at your officesScan Scope
  • Commercial Scanning EngineConducted using industry approved scanning engineCommercial Scanning Engine
  • Full Port ScanFull TCP and UDP scans conductedFull Port Scan
  • Vulnerability ReportA summary graph is included within the report showing the number and level of risksVulnerability Report
  • Risk Ratings/CVSS ScoresIssues have ratings based on severity/impact/likelihood and include CVSS scoresRisk Ratings/CVSS Scores
  • CREST ApprovedApproved by CREST and aligns to CREST testing methodologiesCREST Approved
  • Human Manual VerificationIdentified issues from the scanning engine are manually checked to remove potential false positivesHuman Manual Verification
  • Issue MergingIssues are merged to avoid repetition of findings that relate to the same root causeIssue Merging
  • Custom Report Issue WordingWording used is customised by Armadillo, rather than using default wording from the scanning engine toolCustom Report Issue Wording
  • Certified Consultant LedAssessments are performed and reported by our in house certified security consultantsCertified Consultant Led
  • Issue ChainingChaining of issues to give an overal picture of risks to the environment by combining risksIssue Chaining
  • Manual Testing MethodsManual penetration testing and scripts are used as well as the results from the scanning engine to reduce false-positivesManual Testing Methods
  • Management Executive SummaryA custom written summary of risks to a non-technical audienceManagement Executive Summary
  • Report WalkthroughConsultant led phone conference or screen share to go through the findings and the reportReport Walkthrough
  • NCSC CHECK ITHC ApprovedIf required can be performed as a NCSC CHECK ITHCNCSC CHECK ITHC Approved
  • Fully Automated

  • Vulnerability Assessment

  • Scan ScopeExternal Only
  • Commercial Scanning Engineyes
  • Full Port Scanyes
  • Vulnerability Reportyes
  • Risk Ratings/CVSS Scoresyes
  • CREST Approvedno
  • Human Manual Verificationno
  • Issue Mergingno
  • Custom Report Issue Wordingno
  • Certified Consultant Ledno
  • Issue Chainingno
  • Manual Testing Methodsno
  • Management Executive Summaryno
  • Report Walkthroughno
  • NCSC CHECK ITHC Approvedno
  • Semi-Automated

  • CREST Approved Vulnerability Assessment

  • Scan ScopeExternal & Internal
  • Commercial Scanning Engineyes
  • Full Port Scanyes
  • Vulnerability Reportyes
  • Risk Ratings/CVSS Scoresyes
  • CREST Approvedyes
  • Human Manual Verificationyes
  • Issue Mergingyes
  • Custom Report Issue Wordingyes
  • Certified Consultant Ledyes
  • Issue Chainingno
  • Manual Testing Methodsno
  • Management Executive Summaryno
  • Report Walkthroughno
  • NCSC CHECK ITHC Approvedno
  • Manual

  • CREST Approved Penetration Testing

  • Scan ScopeExternal & Internal
  • Commercial Scanning Engineyes
  • Full Port Scanyes
  • Vulnerability Reportyes
  • Risk Ratings/CVSS Scoresyes
  • CREST Approvedyes
  • Human Manual Verificationyes
  • Issue Mergingyes
  • Custom Report Issue Wordingyes
  • Certified Consultant Ledyes
  • Issue Chainingyes
  • Manual Testing Methodsyes
  • Management Executive Summaryyes
  • Report Walkthroughyes
  • NCSC CHECK ITHC Approvedyes

Frequently Asked Questions

Vulnerability assessments are similar to penetration tests, but are automated and aim to give you a high-level view of risks over a much larger area of your network, in a shorter amount of time. Penetration tests typical use the same vulnerability scanning engine as the vulnerability assessment, however additional manual scripts, port scans and manual testing is then conducted to avoid false positives and where applicable combine and chain issues to give the full picture of the risk to the environment.

Vulnerability assessments are typically conducted when a full penetration test may not be required, or as a ongoing monthly or quarterly scan in between any manual penetration testing to ensure no changes or vulnerabilities have been introduced to the environment since the previous penetration test.

Vulnerability tests can sometimes produce what is known as "false positives" where the software assumes certain issues or vulnerabilities based on criteria, but these may be incorrect. However vulnerability assessments can be very useful for preparation before penetration testing, or to sweep larger network areas on a more regular basis.

The fully automated vulnerability assessment is 100% automated and the report is generated from our scanning engine. There is no manual verification by a consultant of false positives, and no customised wording. It is aimed to be run as a monthly high level scanning service to identify any high level issues such as missing patches or configuration weaknesses with the exposed services to the Internet.

The semi-automated vulnerability assessment is CREST approved and is a combination of the automated scans from our scanning engine, but with human verification of issues to reduce any potential false positives. Issues are grouped to avoid repetitive findings for the same issue and custom wording is used for each vulnerability identified, rather than default wording from the scanning engine. This service is intended to add more value than the automated scan and can be run as a one off scan, monthly or quarterly in between any manual penetration testing.

Unauthenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues on exposed services. It does not login to the system, therefore does not run more detailed checks that would only be possible when using local administrative user credentials. 

Authenticated Testing

This tests the hosts in scope for any identified vulnerabilities in software versions or configuration issues, by logging into the host as an administrative user. This performs a much more detailed review and covers patch checking and configuration issues for the unexposed services on the host. If you wished to check all patching levels of systems across your network, an authenticated test would be the best option.

All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.

CREST CertificationsCertified Testers
Practitioner Security AnalystsYes
Registered Penetration TestersYes
Certified Web Application TestersYes
Certified Infrastructure TestersYes
Certified Simulated Attack SpecialistYes
Certified Simulated Attack ManagerYes

crest approved

Our CREST member status can be viewed, along with the certified tester types we have on the below link:

http://www.crest-approved.org/membercompanies/armadillo-sec-ltd


Our testers are also CHECK Team Leaders (CTL's)  or CHECK Team Members (CTM's) and are approved to conduct government CHECK testing.

CHECK StatusCertified Testers
CHECK Team Member (CTM)Yes
CHECK Team Leader (CTL) - InfrastructureYes
CHECK Team Leader (CTL) - ApplicationsYes

Our CHECK status can be viewed on the below link: 

https://www.ncsc.gov.uk/professional-service/armadillo-sec-ltd-check-service

It is recommended that external vulnerability assessments are run on a more regular basis compared to penetration testing, this could be monthly or quarterly as cyber threats are constantly evolving and will detect any potential issues in between any annual testing.

If major changes are made to the infrastructure or new applications are developed, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.

Some certifications such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.

Vulnerability assessment testing prices are calculated based on whether you require the fully automated or the semi-automated scans and the number of IP addresses required to be scanned and if the hosts are external or internal.

For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.

We supply a full vulnerability assessment report for the fully automated and semi-automated scans, which covers the following:

Fully Automated Scan

The fully automated and customised scan report is directly created from our scanning engine, without any manual issue merging or review conducted, with only the default scanning engine wording and default risk level being output. There is no verification and removal of false positives.

  • Vulnerabilities - A complete list of all issues identified per host (Critical, High, Medium and Low) using stock write ups from the scanning engine
  • Affected hosts - A list of all hosts affected, including the associated network port
  • Risk level - Overall risk ratings and CVSS score are listed for each issue
  • Output - Any output for the issue collected by the scanning engine
  • Recommendations - Stock recommendations of how to remediate the issues, including any reference to documents that can assist
  • Port Scan Results - A list of all open ports detected by the scanning engine
  • Risk Summary Graph - A visual graph of the number and risk level of vulnerabilities identified

CREST Approved Semi-Automated Scan

The CREST approved scan report is manually created by a human consultant from the results of the output from the scanning engine.  The consultant will manual merge issues, review the output and create custom issue wording. They will also aim to remove any false positive findings.

  • Detailed technical findings - A complete list of all issues identified (Critical, High, Medium, Low, Very Low, Informational) using custom in house write ups
  • Affected hosts - A list of all hosts affected, including the associated network port
  • Risk level - Impact, likelihood, overall risk rating and CVSS score are listed for each issue
  • Examples - Output or screenshots to demonstrate the issue collected by the consultant
  • Recommendations - Custom recommendations of how to remediate the issues, including any reference to documents that can assist
  • Risk Summary Graph - A visual graph of the number and risk level of vulnerabilities identified
  • Issue Merging - Manual merging of issues from the scanning engine to group similar issues to avoid repetitive findings within the report for the same issue cause

Sample reports can be supplied upon request to compare the differences between a fully automated vulnerability assessment, a semi-automated vulnerability assessment and a manual penetration test against the same test environment.

Our CREST approved vulnerability assessments align to the CREST VA requirements.

We offer the full range of cyber security testing services

Ready to discuss your project?

misson banner scs
Vulnerability Assessments | Vulnerability Testing