What is Vulnerability Scanning?
Vulnerability scanning is an advanced level of support that combines penetration testing with regular, on-demand vulnerability scanning, designed to identify exploitable vulnerabilities as well as to triage issues found in scanning.
Scans can be performed throughout the product life cycle, and at regular intervals as required. They are designed specifically from the ground up to emulate the process of a professional penetration tester to ensure maximum coverage and accuracy.
Benefits of Vulnerability Scanning
With comprehensive vulnerability management and historical scan detail, Zoonou test analysts can track issue progress, as well as simply and quickly perform retests of specific security concerns (without the need to perform full scans) to check for appropriate remediation.
Our Methodology
Zoonou’s pen testing and vulnerability scanning methodology is CREST certified and aligned to industry standards and practices. An engagement with Zoonou will include:
- Scoping – we work with your team to get an understanding of the web application and define the boundaries & expectations of testing.
- Test planning & setup – our team perform end-to-end journeys through the web application to audit the test surface and guide the test approach.
- Test execution – manual and automated test cases are launched to identify any potential vulnerabilities and to test the security controls that are in place.
- Reporting & debrief – once test execution is complete, we publish a report detailing a summary of the project, as well as any issues found.
- Vulnerability scanning – this includes launching a cloud-based vulnerability scan at the target web application to look for any potential vulnerabilities. Scans can be monthly or quarterly in frequency, or set in line with your sprint schedule.
Reporting and Remediation
As modern cyber security threats constantly evolve, Zoonou’s cyber security services provide clear and actionable information.
The report from Zoonou will comprehensively detail all issues found in priority order, along with steps to reproduce, any supporting evidence, and recommendations on how to further harden site security.