Vulnerability testing is part of security testing and is used to determine how vulnerable a system or application is. The purpose of the test is to detect current vulnerabilities in the system. A vulnerability could lead to an attacker gaining access to the system or the data stored on it.
- design errors
- configuration errors
- software errors
When should you have a vulnerability test done?
- when introducing a new system
- if you store sensitive data and data leakage is commercially critical
- if you want to ensure data security
- when reviewing an existing system to prevent future hacks
Types of vulnerability testing
- black box method – the customer does not provide any information about the system for the test.
- white box method – we receive all information about the system from the customer.
- gray box method – we receive partial information about the system from the customer.
During the vulnerability test we try to reach the deepest possible level (data level) in the system.
The process of vulnerability testing
After a partial scan of the software and hardware environment, our experts exploit the identified vulnerabilities to determine:
- how deep a potential attacker can get into the system
- what data and information the attacker can acquire
- whether it is possible for the attacker to run malicious code, putting the system at constant risk
- the actual damage that could result, depending on the above
Result of vulnerability testing
As a result of the investigation, you will get a comprehensive picture of the effectiveness of your information security protection solutions and of the possibilities for exploiting existing vulnerabilities. We provide additional assistance in correcting mistakes.
Manual and automatic testing
- Attack modeling
The reasons you should choose us:
- BerényiSoft’s specialists and partners have more than 15 years of professional experience in the field of software development and IT operation.
- We work with qualified professionals with degrees
- We pay special attention to quality assurance and automated testing
Our additional service: IT and business risk analysis
In a typical risk analysis, the organization assesses its threats, the estimated effects of these threats and the probability of their occurrence. The risks identified can be both IT and non-IT (business, reputation, etc.). However, identifying the risks does not yet evaluate the controls, so the risk must still be reduced. Next, the controls that reduce the impact of the risk and/or the likelihood of its occurrence are evaluated. Evaluating the effectiveness of the controls gives the residual risk. Aware of the residual risk, the organization must decide whether to accept it, reduce it by applying additional controls, or possibly transfer its effects (e.g. through insurance). Finally, you can eliminate the risk itself by eliminating the root cause.