SCENARIO-BASED TESTS

Automated vulnerability scan

Do you only need a simple vulnerability scan, without manual testing methods? Then commission a cost-effective vulnerability scan.

Scope of the pentest

With this type of test, our experts check your IT systems with automated vulnerability scanners. The scanner results are then validated, assessed for risk and cleared of false positives. At the end, you will receive a final report including a catalog of measures to rectify the findings.

Examples of vulnerability scanners in use:

Nessus Professional

Commercial vulnerability scanner with many scanning methods and plugins

Nuclei

Free, open-source vulnerability scanner based on community templates

OpenVAS / Greenbone

Free, open-source vulnerability scanner

An automated vulnerability scan has nothing to do with a comprehensive penetration test. A human pentesting expert finds more than a robot.

The results of an automated vulnerability scan usually contain false positives and an inadequate risk assessment. These must be corrected manually.

Automated scanners can only identify vulnerabilities that are known in advance and enable automated identification. But what about all the other weak points?

Automated vulnerability scan

Our approach

An automated vulnerability scan is not a penetration test. The test procedure is fully automated, and it can only identify vulnerabilities that are publicly known in advance and can be easily detected using automated tests.

As a rule, the resulting findings are so-called “low-hanging fruit”, i.e. vulnerabilities that can be found very easily by attackers or automated tools. Such results are not comparable with the results of a manual, comprehensive penetration test.

Nevertheless, automated vulnerability scans, especially when performed regularly, provide a solid foundation for vulnerability management. IT systems or larger IT infrastructures can be automatically checked for common vulnerabilities so that these can be rectified promptly. This can already greatly reduce the attack surface and provides a good overview of typical vulnerability areas such as patch management and SSL/TLS.

When you commission an automated vulnerability scan, our experts examine your IT systems using various vulnerability scanners. These include, for example, Nessus Professional and Nuclei. The scanners are professionally configured by our experts and adjusted to your target systems. The resulting findings are validated, false-positive findings are corrected and all results are documented in detail in a final report, including a catalog of measures.

Automated vulnerability scans are recommended for companies that cannot take care of vulnerability management on their own or have a very small budget. These are mostly small companies with a manageable number of IT specialists.

If your company already operates an independent vulnerability management and scanning system, our experts will be happy to support you in reviewing the results and assessing the identified vulnerabilities. However, the actual scanning and vulnerability management remains with you as usual.

For all other companies, we recommend carrying out regular penetration tests. All penetration tests at the Pentest Factory include an automated vulnerability scan as standard, as it can be fully automated and only consumes 10-20% of the time of a penetration test. The remaining 80-90% of a penetration test involves extensive manual testing, carried out by a certified pentester.

If you are already in discussions with other providers, we recommend that you make sure that automated vulnerability scans are not advertised and sold as complete penetration tests. Pay attention to quality and always scrutinize the test methods and procedures.

Standards and qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and hold several recognized hacking certifications.