Vulnerability Assessments

A vulnerability assessment deals with defining, identifying, classifying, and prioritizing vulnerabilities in computer systems, applications, and network infrastructure. RedDefense Global focuses on offering businesses and industries the knowledge, awareness, and risk background to understand the threats to their environments and react appropriately.

There are certain differences between vulnerability assessments and penetration testing that we would like to share with our clients. A vulnerability assessment is an automated scan that identifies threats and vulnerabilities on a target network; a penetration test, on the other hand, is a manual process in which a cyber-security expert conducts an offensive assessment to uncover vulnerabilities through exploitation.


Most of the time, vulnerability assessments are required to meet compliance regulations such as HIPAA, Sarbanes-Oxley, and PCI-DSS. The disadvantage of a vulnerability assessment is that it does not confirm whether the reported vulnerabilities are false positives, nor does it reveal false negatives. Also, there are very dangerous misconfigurations that can only be found through manual testing.

Penetration testing is designed to secure environments by finding, confirming, and patching vulnerabilities; vulnerability assessments are designed to report possible vulnerabilities. Some networks and systems are mature enough for a penetration test; others need to focus on running a vulnerability assessment to get an idea of their security level and a starting point for improving it. Either way, RedDefense Global is here to help; do not hesitate to contact us.
