Identify weaknesses in your sites, Protect your brand and company.
LRQA Nettitude provides vulnerability assessments, systematic reviews of your Information Technology (IT) systems to identify weaknesses, correct the gaps and have well-defended data systems in place. We map, scan and identify vulnerabilities using vulnerability assessment scanners, industry-standard automated tools.
Hackers now can carry out highly sophisticated security attacks, and their tools and methods continue to evolve. Vulnerability assessments are critical in protecting your IT infrastructure and are integral to your cybersecurity scanning process.
The assessments will test hosts, networks, wireless, database and applications for Common Vulnerabilities and Exposures (CVEs). LRQA Nettitude will then analyse the vulnerabilities, assessing the nature of the CVE, its source and cause – to prioritise the different CVEs and remediate these vulnerabilities effectively.
In this way, LRQA Nettitude allows you to protect your software, hardware and data, safeguarding your brand and company – starting with a thorough cyber vulnerability assessment.
What can a vulnerability assessment scanner do for your company?
A vulnerability assessment will perform checks of your websites, computers, networks and systems, identifying potential threats and weak points in your IT infrastructure. It will perform both external and internal vulnerability analysis. An external analysis involves seeing how attackers can exploit vulnerabilities from an external network, while internal analysis focuses on how attackers can infiltrate from within when they have access to the internal network, like an intranet.
It is also crucial that vulnerability assessments be performed by a PCI Approved Scanning Vendor (ASV) like LRQA Nettitude. We carry out a thorough vulnerability assessment for your site and help you prioritise vulnerabilities.
LRQA Nettitude offers both self-service and consultancy-led ASV services. For self-service ASV services, LRQA Nettitude provides a self-service ASV portal for clients where you can carry out scans as required independently. For consultancy-led ASV services, LRQA Nettitude works as an extension of your cybersecurity team, running the tests and manually validating all vulnerabilities, sieving out false positives, which are threats identified by scans that may not be real.
How will vulnerability assessments be carried out?
LRQA Nettitude provides vulnerability assessment services for Singapore companies and will work closely with clients, understanding the objectives and security concerns fully before beginning any work
The Phases of Cyber Vulnerability Assessments
When carrying out a vulnerability assessment for your website, LRQA Nettitude follows a refined methodology that can be organised into four main phases:
- Reconnaissance and threat intelligence gathering
An assessment of cybersecurity vulnerabilities
Cybersecurity vulnerabilities can be broadly categorised into three main factors based on the nature of the threat: exploitability, detectability, degree of damage.
Exploitability is the level of skill or complexity of programming tools required to breach a security vulnerability. Security vulnerabilities that are high in exploitability require minimal programs or software like a web browser. Those that are low in exploitability are difficult to breach because the programming tools required are advanced.
Detectability is the level of visibility of the threat – whether it is displayed in a prominent location or can easily go undetected. Highly detectable security vulnerabilities may be captured in the URL and those that are not likely to be detected could be hidden within the source code.
Degree of Damage
The degree of damage is the level of impact should the vulnerability be breached. A high degree of damage is akin to a complete system crash while a low degree of damage indicates there is little or zero impact on the system.
What are the different types of Common Vulnerabilities and Exposures (CVEs)?
Vulnerability assessment scanners can monitor and detect vulnerabilities in several different layers of technology, including in the network, host and web applications layers. These include:
- Remote File Inclusion
- ASP Code Injection
- SQL Injection
- Cross-Site Scripting (XSS)
- Full Path Disclosure (FPD)
- DDoS attacks
Frequently Asked Questions About Vulnerability Assessments
Are vulnerability assessments automated and how long do they take?
Vulnerability scans can be automated, scheduled ahead of time, or can be performed manually. The duration of these scans can range from a few minutes to several hours.
How often should vulnerability assessments be carried out?
It is best to perform vulnerability assessments regularly or when significant changes are made to the IT infrastructure. You may carry out scans daily, weekly, or on an ad-hoc basis when preferred.
What is the difference between vulnerability assessments and penetration testing?
Vulnerability assessments are passive, automated scans that aim to detect potential vulnerabilities, while penetration testing is a hands-on examination by professionals who intentionally exploit your IT systems, looking to detect vulnerabilities.
A penetration test goes one step further than a vulnerability assessment, always involving actual humans, professionals with deep knowledge and experience in cybersecurity. These professionals take on the role of a hacker, attempting to exploit vulnerabilities – to solve them. A penetration test involves the phase of exploiting – a phase not included in a vulnerability assessment.
Get in touch with your local team today to find out more about vulnerability monitoring and cyber vulnerability assessment, and how you can protect your company from cyber-attacks.