VULNERABILITY SCANNING - INTERNAL

> OBJECTIVES

Detect the technical vulnerabilities of a single system.


> METHODOLOGY

The vulnerability scanning service uses automated tools to detect known vulnerabilities on a host system.

Vulnerability scanners typically work in phases:

  • Detect the version of the target (either a single service or an OS)
  • Collect all the known vulnerabilities of this specific target from a database
  • Try to exploit the vulnerability
  • Report the vulnerability

This service is offered in two models: light or complete.
  • Light: runs the vulnerability scanners and sends a report to the customer;
  • Complete: runs the vulnerability scanners and validates all the detected vulnerabilities before including them in the report. This filters out the false positives that scanners commonly produce, giving the customer a more precise view.


> BENEFITS

This gives the customer a precise view of the technical security of a particular asset. If the vulnerability scanning is performed from an external point (internet), it also gives the customer a view of its external exposure (for a complete view of the external exposure, see the Penetration testing service).