Security Vulnerability Assessment Service

A security vulnerability assessment is a methodical process of identifying the weaknesses (or security vulnerabilities) associated with the systems that process your business information assets. Findings are categorised according to their level of potential risk to the system and used to construct a remediation roadmap. A security and vulnerability assessment can be conducted on either a network or application-level and is a critical component of a business’ cyber risk reduction strategy. Reducing security vulnerabilities in your systems reduces their “attack surface” and minimises your chances of a breach.

Risk Crew provides security vulnerability assessments of:

  • Interior-facing networks
  • Exterior-facing networks
  • Web applications
  • Application programming interfaces (API)
  • Hosting platforms
  • Mobile applications

Additionally, Risk Crew provides a vulnerability assessment as required for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS).

The Risk Crew security vulnerability assessment process shall be executed in the following 5 phases:

Exploiting Vulnerability Executing and Granted Access - Security Vulnerability Testing

Features and Components

Our assessments are conducted using best practice methods that utilise both manual and automated tools to authenticate the effectiveness of present security controls.


Risk Crew's assessment methodology is based upon best practices established and defined by ISECOM's Open Source Security Testing Methodology Manual (OSSTMM) and Open Web Application Security Project (OWASP) Cloud Security Project guidelines.

Tools & Techniques

Our experts use both automated tools and manual techniques to identify security vulnerabilities that threaten theintegrity of your systems. These may be configuration flaws, excess builds, missing security patches, updates or fixes or programming errors on internet-facing systems.


Additionally, our experts will examine how your servers appear to users on the internet and pinpoint where information is exposed, which could be exploited by attackers.

Risk Crew Deliverables

Risk Crew’s service provides a comprehensive report that details security vulnerabilities identified and specific actions for remediation, a courtesy workshop and on-call assistance.

Security Vunerability Assessment Benefits

The Risk Crew Security Vulnerability Assessment Service cost-effectively identifies the weaknesses associated with your systems for you to remediate and reduce the attack surface associated with your systems. Our security vulnerability assessment service includes:

✓Identifies weaknesses, remediates and reduces the attack surface associated with your systems.

✓Assesses and confirms the security integrity of critical applications and services.

✓Maintains the performance and availability of your customer systems and services.

✓Enables better response to security incidents - minimising any impact.

✓Demonstrates compliance with legal and regulatory obligations.

✓Regular vulnerability testing helps identity, minimise and manage the risk of a security breach.

✓Finds and plugs the security holes before they are discovered and exploited.

✓Gives a realistic view of your cyber security profile including what systems are specifically more vulnerable than others.

Why Choose Risk Crew

Our experienced security engineers implement detailed methodologies using proprietary and open-source tools, ensuring they can effectively assess your businesses capabilities to detect and mitigate attacks. All security testingengineers are thoroughly vetted and subject to in-depth and on-going professional, criminal and credit records checks.

When you choose Risk Crew, you’re electing to work with qualified experts.

Let Risk Crew help your organisation to identify, minimise and manage the risk of a breach with a vulnerability assessment.

Frequently Asked Questions

How often should I conduct security a vulnerability assessment?

Best practice is to conduct a security vulnerability assessment quarterly (once every three months) and/or after any significant change to the system.

What is the most common vulnerability identified in this type of assessment?

A security vulnerability assessment most commonly identifies overlooked configuration flaws, excess builds, missing security patches and updates or fixes or programming errors that could be exploited.

What is the difference between a vulnerability assessment and penetration testing?

A vulnerability assessment identifies security weaknesses associated with the target systems but does not attempt to exploit those weaknesses. Penetration testing entails identifying security vulnerabilities associated with the target system AND attempting to exploit them for unauthorised access.

What is a PCI Scan?

Compliance to the Payment Card Industry (PCI), Data Security Standards (DSS) is required for business systems that process, store or transmit cardholder data (and any business systems that are connected to systems that process, store or transmit cardholder data). Vulnerability scanning must be done with an Approved Scanning Vendor (ASV) technology on all components of a card data environment quarterly. If this requirement applies to your business, ensure your vendor uses ASV technology in conducting these scans.

Request a Quote

Our experts will contact you to discuss your specific requirements

You may also be interested in: