Risk/Vulnerability/Threat Assessments


A vulnerability assessment is the process of identifying and quantifying vulnerabilities or security weaknesses in a system or network environment. The assessment also provides comprehensive information about an organization’s overall security weaknesses, risk rating, and impact. CDL’s assessment methodology, processes, and recommendations take into account an organization’s business and security requirements and complexities, which translate to recommendations that are both reasonable and actionable.

The assessment consists of a broad review of a pre-defined sample set of systems or applications and their business criticality, vulnerability identification and analysis, validation, risk scoring, and reporting. A vulnerability assessment can be conducted on external and/or internal systems and credentials may be used to identify additional vulnerabilities while reducing the level of false-positive findings.

Our testing may strictly conform to standard public methodologies or be custom-tailored to meet an organization’s needs. CDL can provide testing on a large range of device types and applications covering network, server/workstations, mainframe/mid-range systems, virtual machines, SCADA, wireless, VoIP, mobile, web, databases, software, etc.

Below are the different types of vulnerability assessments CDL conducts:

  • Network Vulnerability Assessment – Identifying, analyzing, and reporting on network-based vulnerabilities of systems.
  • Configuration Assessment – Identifying, analyzing, and reporting on host-based vulnerabilities and insecure configurations covering both networked and non-networked applications and services.
  • Application Assessment – Focused, in-depth vulnerability analysis or source code review of applications covering web apps and services, database, software, and mobile applications.