Vulnerability Scanning is the intelligence driven deployment of scanning engines, updated with information from the latest threat intelligence feeds, to ensure the security of your systems, services and applications from a number of common attack vectors, exploited by both automated and manual attackers.


As new vulnerabilities are identified through manual techniques, this wealth of knowledge is used to update and improve scanning engines to identify the latest set of known threats.

Vulnerability scanning solutions can provide a method of conducting security assessments at regular intervals to ensure that your systems and services are maintained to a secure standard and kept updated against the latest emerging threats.

Although not a replacement for manual security testing, vulnerability scanning can ensure you are protected throughout the year against the most common and newly exploitable issues until a penetration tester can provide a more detailed and comprehensive overview regarding the state of your security.

A common request for many compliance requirements is whether your company conducts regular security assessments and maintains a secure business environment. Vulnerability scanning can provide an answer to this requirement and ensure your systems, services and data stay protected.

As part of our approach, our Penetration Testers use a combination of the most effective automated tools and techniques to identify vulnerabilities across your systems and services. Our extensive reports provide a thorough assessment of each vulnerability and provide business context alongside each finding.

This is supplemented by technical and non-technical descriptions to assist in prompt remediation activities and provide a thorough understanding of each issue.

A Vulnerability Scan and report will allow your business to:

  • Receive assurance around the security posture of your systems and services.
  • Make ongoing improvements to a systems security via specialist support, advice and consultancy.
  • Adhere to regulatory bodies who require regular Vulnerability Scanning to be performed.
  • Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats


1. What is the difference between a Manual Penetration Test and a Vulnerability Scan?

A manual penetration test is led by one of our CREST penetration testers and uses an intelligence led approach to assess any of your systems or services, identifying vulnerabilities beyond what a vulnerability scan can identify.

A vulnerability scan can provide a faster and more cost-effective alternative to a manual penetration test. Vulnerability scans can be utilised effectively on a regular basis to assess a large number of systems for the most common and easily exploitable issues which many malicious attackers may try to take advantage of.

2. Why do I need a Vulnerability Scan?

A new set of emerging threats and vulnerabilities are continually changing the threat landscape which organisations need to safeguard themselves against. Vulnerability scanning can provide regular assessments against a wide array of existing and new threats to ensure your business can effectively manage their security posture in between more in depth manual assessments.

3. What can I have tested as part of a Vulnerability Scan?

Internal and External systems and services can be assessed as part of any vulnerability scan, with options for unauthenticated and authenticated assessments, allowing you to gain insight into an array of potential issues which may be present within your system from a range of authentication levels.

4. What will I receive after the Vulnerability Scan has completed?

The deliverable from any Vulnerability Scan is a complete report, detailing each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.

The report provides a complete description of what each identified issue is and specific remediation advice on how to address the issue.