Identify Your Low-Hanging Fruit.

Cybra offers a full suite of vulnerability assessment services in Australia.

What is a vulnerability assessment?

A vulnerability assessment is essentially a trimmed-down penetration test. Testing stops once vulnerabilities have been identified and validated; no exploit attempts or further testing are conducted.

Vulnerability assessment pricing

Vulnerability assessments are low cost compared to penetration tests and are suitable for organisations with budgetary constraints.

Dangers of vulnerability assessments

All offensive security testing has a chance of adversely affecting systems, but this is very rare. All systems and networks should have adequate bandwidth and system resources before commencing.

Benefits of vulnerability assessments

The assessment identifies security gaps and vulnerabilities in internet-facing systems so the customer can remediate them before they are exploited by a malicious actor.

What systems can be tested?

Any service connected to the internet can be tested, including but not limited to websites, VPNs, email servers, firewalls, routers, web servers, and FTP servers.

Out of scope

The exploitation of identified vulnerabilities is out of scope for the assessment.

Approach

Vulnerability assessments are conducted by experienced security consultants using specialised software and tools remotely over the internet, simulating a malicious attacker who is attacking from the internet.

Types of vulnerability assessments

Vulnerability assessments cover everything a penetration test does; however, testing stops after identifying vulnerabilities.


Authenticated testing

Most vulnerability scans are conducted without test credentials (unauthenticated). In some cases, authentication is beneficial for internal networks to identify outdated and vulnerable software packages.

Tools

Various open-source and commercial software and scripts are deployed during vulnerability assessments.

Some examples are network port and vulnerability scanning platforms.

Firewalls/WAFs

While firewalls and WAFs are effective at mitigating some risks of exposing systems to the internet, they can sometimes interfere with vulnerability assessment results. For the best outcome, Cybra will request to be added to the allow-list of any such devices.

Detection / Monitoring

While not required, it is recommended to have some level of system and security monitoring in place during a vulnerability assessment; this allows the customer to observe how their systems react to a simulated hack, providing valuable insights for the security team.

What is a vulnerability assessment report?

After a vulnerability assessment, the observations, findings, results, and recommendations are presented in a professional report hand-written by our experienced consultants.

Who is the report for?

The vulnerability assessment report is written so that it can be read by executives/board, managers, and technical staff.

Compliance objectives

Vulnerability assessment reports can be used as supporting evidence for relevant compliance frameworks.

What’s in the report?

The vulnerability assessment report includes an executive summary, technical summary, technical findings, vulnerability details, and recommendations on how to remediate all identified issues.

What format is the report in?

The vulnerability assessment report is securely delivered to you in PDF format.

The report is professionally laid out, so it's easy for customers to navigate.

Retest reports

Cybra offers an optional service to retest any vulnerabilities identified after you have had a chance to fix the issues. This is known as a retest, and an updated report is provided to you showing all remediated and non-remediated issues.
