Vulnerability scanning

We scan an app, a network or a website for vulnerabilities and security gaps. You benefit from a report without false positives.

DSecured uses various well-known and private software products to maximize the effectiveness of the vulnerability scan. Our experts manually review the results to avoid false positives and provide you with an accurate analysis.

Damian Strobel

Founder and CEO

"I consider vulnerability scans to be an absolute basic - definitely better than doing nothing."

What makes DSecured's vulnerability scan so special?

We don't just run one software solution once, skim the output and hand you a more or less automatically generated report. There is no perfect scanner; every tool has strengths and weaknesses, and you have to know them. Tool A can be very good at web applications but less suitable for general scans of internal or external networks. Tool B may handle networks better but copes poorly with authentication, so everything behind the login of an application is effectively never scanned.

We therefore scan with several tools, ranging from well-known public and commercial solutions to our own developments that solve specific problems better. This makes our vulnerability scans as effective as possible. Before the actual scan, an expert looks at the target manually in order to configure the tools properly, for example to set up authentication and scope. The entire process is monitored by a human to ensure that nothing in scope is missed.

The results are summarized, evaluated and checked for false positives. The result is a clean report with clear recommendations for action. The findings are sorted by criticality and provided with a risk assessment.

What is a vulnerability scan?

Generally speaking, a vulnerability scan is an automated check of digital systems such as IT networks, websites, SPAs or APIs for security vulnerabilities. The goal is to identify known vulnerabilities in the target. This also means vulnerability scanning is usually part of a web application penetration test as well as part of a network penetration test.

How accurate is a vulnerability scan?

Modern vulnerability scanners are capable of detecting many kinds of security gaps, but they do so quite superficially. Automated methods often have problems understanding the target, and minor details, such as a login form the scanner cannot get past, can dramatically reduce the effectiveness of the scan. That is one reason why trained personnel should prepare and carry out the test. In general, a vulnerability scan is an important but very crude part of an IT security strategy. A vulnerability scanner cannot replace a real attacker who is creative and takes the time to understand the target.

You can greatly improve your cyber security by having your systems scanned for vulnerabilities.

What does a vulnerability scan cost?

Small vulnerability scans can be carried out from 400 euros. The price depends on the size of the target: the larger and more complex the target, the higher the cost. A scan of a large internal and external network that hosts many services and applications should not be underestimated in terms of cost. We will be happy to provide you with an individual offer.

How often should a vulnerability scan be repeated?

As with almost all IT security measures, the answer is: it depends. We recommend having it carried out at least once a year. In the case of critical systems or significant changes to the source code or the network structure, you may want to consider having the scan more frequently.

Software we use for vulnerability scans

In addition to OpenVAS and nmap (including various NSE scripts), DSecured also uses our external attack surface management solution Argos to find unknown security vulnerabilities and problems. Argos provides deep insight into a company's perimeter.

We primarily use Burp Suite and Nessus as automated scanner solutions. These cover classic security vulnerabilities well. Burp Suite is also used to validate findings. We also run our own plugins within Burp.

DSecured is constantly developing specialized scanners, primarily in Go or Python, which are also used to get an even better picture of the situation. Examples include our tools for path traversal, SSRF and XSS.

Are there differences between a vulnerability scan and a penetration test?

A very clear YES. A vulnerability scan is an automated process that finds as many vulnerabilities as possible within a very short time, and these are often trivial things. Examples include weak encryption, weak or default passwords, outdated systems and missing updates. Although vulnerability scans are an integral part of modern IT, those responsible should be aware of their limitations.

In a penetration test, a highly qualified ethical hacker goes deep into the workings of applications and networks, tries to understand them and grasps how the pieces interact. This usually uncovers significantly more security vulnerabilities than a scanner ever could. A penetration tester's behavior and results are much closer to those of a real attacker, which is why pentests are often carried out against particularly exposed systems.

How does a vulnerability scan work?

After a kick-off meeting with the customer, the scope is defined; in the best case you already know exactly what needs to be scanned. Important matters are discussed, for example when the scans should run so as not to disrupt regular operations. Although our scans are generally configured so that they should have no impact on operations, as we tend to scan rather slowly, this still needs to be agreed in advance. For internal vulnerability scans, access has to be arranged; the same applies to applications in the external network that require credentials. Contact persons and communication channels are defined, and contractual matters are settled. Scanning is then carried out, which can take minutes, hours or even days. Finally, a report is drawn up and handed over to the customer; a presentation of the results can be given on request.

Some companies we have been able to help

Grab
PayPal
BMW
Goldman Sachs
Starbucks
ATT
TikTok
Hilton

Further questions and answers on the topic "Vulnerability scanning"

How often should we schedule vulnerability scanning for optimum security?

Vulnerability scanning is the absolute baseline of IT security. It is also widely available, and we always recommend scanning your systems at least once every 6 months. If you have a high-traffic website or many changes in your network, you should consider scanning more often.

What should we expect in the report from a vulnerability scanning session?

Simply speaking: a list of issues, cleaned of false positives, sorted by criticality and accompanied by a risk assessment and clear recommendations for action.

Can vulnerability scanning disrupt our daily operations?

It should not. We usually tweak the settings of a vulnerability scanner, in particular its request rate and concurrency, so that it does not impact your daily operations.

How are security issues identified during a security assessment scan?

The vulnerability scanner looks for injection points (parameters, headers, paths) and injects different types of payloads into them. Based on how the target system responds, the scanner decides whether it is vulnerable or not; the results are then reviewed by hand so that a reflection that was properly encoded, or markup that was already on the page, is not reported as a finding.
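As an added illustration (this is example code written for this page, not DSecured's own tooling), the following Python sketch shows that payload-and-response logic for one vulnerability class, reflected XSS, together with the verification step that separates a confirmed finding from a false positive. The three endpoints are constructed in-process stand-ins for HTTP targets, so the example runs offline; the naive check beside the probe shows how a scanner that merely greps for "<script" flags a page that was never vulnerable.

```python
import html
import secrets
from typing import Callable, Dict, List

# A target is any callable that takes request parameters and returns a response
# body. A real scanner sends HTTP requests; the targets below are constructed
# in-process stand-ins so that the example runs offline.
Target = Callable[[Dict[str, str]], str]


def vulnerable_search(params: Dict[str, str]) -> str:
    """Constructed endpoint that reflects 'q' without output encoding."""
    return f"<h1>Results for {params.get('q', '')}</h1>"


def hardened_search(params: Dict[str, str]) -> str:
    """Constructed endpoint that HTML-escapes 'q' before reflecting it."""
    return f"<h1>Results for {html.escape(params.get('q', ''))}</h1>"


def decoy_search(params: Dict[str, str]) -> str:
    """Constructed endpoint that escapes input but always ships a legitimate
    <script> tag; a scanner that just greps for '<script' would flag it."""
    return ("<script src='/static/app.js'></script>"
            f"<h1>Results for {html.escape(params.get('q', ''))}</h1>")


def naive_check(target: Target, param: str) -> bool:
    """The kind of check that produces false positives: inject one payload and
    look for any '<script' in the response, ignoring whether it came from us."""
    body = target({param: "<script>alert(1)</script>"})
    return "<script" in body.lower()


def probe_reflected_xss(target: Target, param: str) -> dict:
    """Three-stage check for reflected XSS in one parameter.

    1. Send a harmless random canary to learn whether the parameter is
       reflected at all; if not, active payloads are pointless.
    2. Inject payloads that each embed the canary, so markup that was already
       on the page cannot produce a match.
    3. Report the parameter as vulnerable only if a payload comes back
       verbatim; an escaped reflection (&lt;...&gt;) means output encoding
       did its job and the result is not a finding.
    """
    canary = "zx" + secrets.token_hex(4)
    if canary not in target({param: canary}):
        return {"param": param, "reflected": False, "vulnerable": False, "evidence": None}

    payloads = [
        f"<{canary}>",                         # do angle brackets survive at all?
        f'"><script>{canary}</script>',        # attribute break-out plus script tag
        f"'\"><img src=x onerror={canary}>",   # event-handler variant
    ]
    for payload in payloads:
        body = target({param: payload})
        if payload in body:
            return {"param": param, "reflected": True, "vulnerable": True, "evidence": payload}
    return {"param": param, "reflected": True, "vulnerable": False, "evidence": None}


def scan(targets: Dict[str, Target], params: List[str]) -> List[dict]:
    """Run the probe over every endpoint/parameter pair and return only the
    confirmed findings, each with the evidence a reviewer can reproduce."""
    findings = []
    for name, target in targets.items():
        for param in params:
            result = probe_reflected_xss(target, param)
            if result["vulnerable"]:
                findings.append({"endpoint": name, **result})
    return findings


if __name__ == "__main__":
    targets = {"vulnerable": vulnerable_search,
               "hardened": hardened_search,
               "decoy": decoy_search}
    for name, t in targets.items():
        print(f"{name:10s} naive={naive_check(t, 'q')!s:5s} "
              f"probe={probe_reflected_xss(t, 'q')['vulnerable']}")
    for f in scan(targets, ["q"]):
        print("confirmed:", f["endpoint"], f["param"], repr(f["evidence"]))
```

The naive check flags both the vulnerable endpoint and the decoy; the probe flags only the vulnerable one and records the exact payload that came back unencoded, which is what a manual reviewer needs in order to reproduce and confirm the finding before it goes into the report.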

Can I request a targeted assessment scan for a specific section of our network?

Yes. This is not an issue. We can set up our scanners in a way they will scan only the parts of your network you want to be scanned.

How long does a vulnerability scan take on average?

It depends on the size of your network. A small network can be scanned in a few hours, while a large network can take up to a few days.

Contact DSecured

Get a quote