What is an Automated (Vulnerability) Scan?
An automated scan uses a vulnerability scanner (such as Acunetix, Netsparker, Nessus or Qualys) to
identify common vulnerabilities in systems and web applications. At the end of each scan, a report is generated automatically
that details the issues identified during the scan. This often includes a number of false positives and potential vulnerabilities,
since the issues are not manually verified. The reports include generalised risk ratings that do not take into account the system
design, the nature of the application, or its business logic.
What is a Penetration Test?
A penetration test is a largely manual process that involves multiple phases and is carried out by a
security professional. Although it may include the use of automated software, especially in the preliminary phases of the
test, a penetration test cannot be entirely automated. The process will be customised to meet client requirements and to
take account of the systems under test. All identified vulnerabilities are verified to remove false positives and are
exploited to demonstrate the real risks and impact of an attack. The resulting report includes a management summary, as well
as detailed information on each vulnerability, its risk rating, and mitigation advice. Post-test discussions ensure the results
and recommendations are fully understood.
Automated Scan versus Penetration Test
Process
Automated Scan:
- Run automatically by computer software
- Standardised and permits only minor customisation
- Vulnerabilities are not exploited
- Only looks at common vulnerabilities and a limited number of areas
- Unable to understand business logic
Penetration Test:
- Conducted by security professionals
- Customised on a test-by-test basis to meet client requirements
- Vulnerabilities exploited to reveal the full impact of each issue
- Creative process benefiting from the tester's experience
- Simulates the behaviour and thinking of a real-world attacker
- Analyses the logic behind a system and recognises logic flaws
Findings
Automated Scan:
- Includes potential and unverified vulnerabilities
- Includes false positives
- Risks are generalised and do not take into account the system architecture
Penetration Test:
- Professionally interpreted to remove false positives and understand the real risks associated with each vulnerability
Report
Automated Scan:
- Automatically generated
- Often unclear and may be 100+ pages
Penetration Test:
- Written by security experts and tailored to client systems and applications
- Clear and concise
- Includes high-level summary of findings
"Blind" versus "Informed" Testing
Blind Testing: If you would like us to test your firewall as if we were "real"
hackers, then you should tell us nothing at all about your installation. This means we have to perform a good
deal of undercover work in approaching the hack in the same way a criminal would, using social engineering
and even physical break-ins.
Informed Testing: We sign a non-disclosure agreement with your organisation and you give us
details of your firewall solution - the overall design, the IP addresses, and so on. We are then able to run a
variety of tests against your firewall defence, using exploits appropriate to the devices and products actually
in use. This gives a thorough and cost-effective result.
What Tools Do We Use?
Unless you specifically instruct us otherwise, we use a combination of professional, commercial
tools and those that are used by the hacking community to conduct the tests. This ensures that we expose as many
vulnerabilities as possible whilst also helping to identify possible false positives - as well as false negatives.
What is the testing process?