Free Quote


We will work with your administrative personnel to determine the most effective manner in which to perform the internal vulnerability assessment
Nix-Dev / Services / Vulnerability Analysis Services

Vulnerability Assessment and Analysis

Vulnerability assessment is a core part of any security consultant or penetration tester’s playbook, and is usually the best way to get an initial idea of how open a network is to an attack. When conducting vulnerability assessments, what you do with the data is often more important than the data itself. These days, every vulnerability scanner can detect critical vulnerabilities among the majority of OS types and systems. Turning that raw data into actionable intelligence is a bigger challenge; when you get 1000s of vulnerabilities after a scan, how do you know where to start?

At the root of any good vulnerability assessment is the ability to take a big-picture view of the cyber threats an organization is facing. Nix-Dev does this through the use of the most sophisticated analysis tools available and the extensive experience of our certified IT security engineers. Our job goes beyond discovering and classifying vulnerabilities; it includes mitigating any future risks to your network.

Top-Notch Services

Vulnerability Detection

Vulnerability Detection

Detecting hidden, deeply-embedded vulnerabilities in your IT infrastructure requires complex applications, and ours dig deep. The software we employ is cutting-edge and versatile, performing port scans, database scans, ERP software scans, web application scans, and a variety of other functions to scour your network and systems high and low.
Vulnerability Research

Vulnerability Research

Vulnerability research takes detection and assessment to another level. It involves advanced analysis as much as it does advanced software, and that’s where Nix-Dev really shines. Our teammates’ backgrounds in computer forensics mean we’re experienced in reverse engineering, static analysis, and code analysis, and we’re able to examine not only how software works, but how it fails.
Vulnerability Remediation

Vulnerability Remediation

Vulnerability detection protocols can’t stand alone; they must be supplemented by vigorous, structured remediation processes. Depending on the classification -- high, medium, or low-risk -- the vulnerabilities that have been detected need to be resolved within a certain time frame, not only for security reasons, but to meet network security compliance standards as well.
Vulnerability Management-As-A-Service

Vulnerability Management-As-A-Service

Seeking and removing vulnerabilities can be a massive undertaking, especially for large-sized organizations with hundreds of users and thousands of endpoints. Are you up to the task of detecting, researching, and remediating all the weaknesses that can befall your network; or would Nix-Dev’s round-the-clock vulnerability management service keep you safer?

Just one security scan can spot hundreds or even thousands of vulnerabilities, so if you or your IT staff aren’t prepared for detection, research, and remediation duties full time, then Nix-Dev is the partner you need.

Frequently Asked Questions

What does the vulnerability assessment cover and how will it be performed?
This service is an off-site, non-exploitative test of up to 100 individual internal Internet Protocol (IP) addresses or nodes owned or controlled by your organization. To perform this service, you must designate the IP addresses you wish to be tested, and we will perform testing using our toolkit of automated testing solutions.
What is a non-exploitative test?
The IT security industry has not yet developed consistent or standardized terms for describing the specific characteristics of penetration tests or vulnerability assessments. In many settings, the terms ‘penetration test’ and ‘vulnerability assessment’ may be used interchangeably, while in other settings a ‘penetration test’ may refer to more in-depth testing that seeks to actively exploit detected vulnerabilities in order to compromise (or demonstrate the ability to compromise) specific systems or assets. When we describe our testing as non-exploitative, we are referring to the fact that we will report on detected vulnerabilities or weaknesses but we will not attempt to actively exploit these findings. Within the context of this service, the terms penetration test and external vulnerability assessment are generally synonymous while internal vulnerability assessment refers to testing focused on devices ‘behind’ the firewall or logically located so that they are not directly Internet-facing.
What tools will you use to perform the test?
Our toolkit is constantly reviewed to ensure we are able to meet the challenges presented by a continuously evolving security environment. Representative tools we have used include Metasploit, Nessus, & Retina. The tool(s) selected for your engagement may vary based on our perception of the appropriate tool necessary to properly assess your environment. As a rule, we only utilize subscription-based tools in order to ensure we are using tools with updated definition files to facilitate testing for recently emerged exploits or vulnerabilities.
What is required to perform a remote test and how will you attach to my network?
We will work with your administrative personnel to determine the most effective manner in which to perform the internal vulnerability assessment. Generally, your test can be performed through allowing Superior a temporary Virtual Private Network (VPN) connection into your internal network. We will require domain-level administrative credentials in order to perform the test and we will require you to setup a dedicated account for this purpose. All testing is originated through use of a dedicated Virtual Machine (VM), which will be the only device that fully authenticates to your network. We do not re-use VMs for testing and each test will be conducted using a ‘new’ VM instance created from a clean template. We strongly recommend our clients enable any necessary logging and adopt practices to ensure our administrative and VPN accounts are terminated or disabled after the completion of our testing.
Who will perform our test? Do you utilize 3rd party contractors or outsourcing for this service?
Your test will be performed by direct employees of Nix-Dev. We will not utilize 3rd party contractors to perform any of our testing without providing prior notice to you and, unless otherwise stated, all testing will be performed by our direct employees.
What is the time frame for performance of a vulnerability assessment?
We can generally perform your internal vulnerability assessment within one to two weeks after we have a signed engagement letter. If your circumstances require an expedited test, please don’t hesitate to contact us as we can often create availability in our schedule for you.
How will we receive the findings from our vulnerability assessment?
We issue a formal report for all of our review services. This report will include an overview of the findings from our test (management report), as well as any recommendations regarding remediation. A copy of the full testing results will be included as an appendix to our report. We issue all of our reports in electronic format (PDF) via our proprietary secure website or via secure e-mail. Report turnaround time generally requires one to two weeks in order to process the report through our internal quality control function

Just drop us an email briefly describing your needs, and our team will get back to you shortly.