Vulnerability Testing

What is a vulnerability test?

A vulnerability test is the tool you need to check if your website or server is as secure as you want it to be. With a vulnerability test, you can get trained security testers to attempt an actual break-in of your system and thereby show you if your system can actually handle the presure of a real hacker attack.

Why should I worry about computer security?

Computer security is one of the areas that is often ignored in budget planning. It is therefore very normal for a company to have several serious security issues which hackers can and will take advantage of.
If you are so unlucky as to become a target of an experienced hacker, even as a small company you can expect relatively large economic losses. These usually consist of lost sales due to downtime, lost sales due to bad PR, salary for the people coming in Sunday morning to fix the system and, of course, consultant fees for the professionals making sure the system will not be successfully attacked again. All in all, this can sum up to somewhat large amounts, especially if your company has a big online presence, like e.g. a webshop. It is therefore a good economic decision to consider computer security and beat the criminals to it by getting all computer security problems located before incidents occur.

What is the difference between a security test and a vulnerability test?

A security test is a service we offer to companies who want to identify and correct security issues, so that companies are better secured against a hacker attack in the future. The purpose of a security test is therefore to solve security problems!
A vulnerability test, on the other hand, is a service we offer to companies to identify vulnerabilities and show the company that their system can be broken. The purpose of a vulnerability test is therefore to break down security and reveal a system's flaws!

So while you could say a security test always includes a vulnerability test, the two services are nonetheless suited for two different kinds of companies. A security test takes care of everything, while a vulnerability test is suited as a form of control service. This obviously also means a vulnerability test is significantly cheaper than a security test.

How does a vulnerability test work?

A vulnerability test, like a security test, consists of a large amount of manual labor and a small part automatized tools. The test starts with the usage of a number of tools, designed to make a so called "baseline" of the system we're testing. This gives us an overview of the system, which we can then use to identify interesting sections that are worth taking an extra close look at.
Basically we use a technique called systematic blackbox testing, which is similar to the method used in security testing, however in a downgraded version. "Blackbox" means that we don't have access to specifications about the system and therefore attack blind, like a normal hacker would. You thereby get a simulated attack executed on the same conditions as a normal hacker would have and thereby get the same results as such a hacker.
"Systematic" refers to the way we decide where and how to test, in that we evaluate which actions are possible and thereby which actions from an attacker would yield different reactions from the system. With this, we can decide where to test and how we would potentially get the system to react in an undesirable way.
So our approach is based on a combination of technique, experience and a small amount of automatized tools.
After a test, a report with the security issues is sent to the client, whom then approves the report. After this step, the vulnerability test is complete! If the client should afterwards want Aconiac to solve the problems, we will typically either upgrade the service to an actual security test, or the client can pay the current consultant prices.

If you have any further questions regarding our methods, please do contact us directly.

Price

A vulnerability test is typically sold at a fixed price of 540€ excl. VAT

Aconiac however has the right to deny doing the service at this price, if the system at hand is unfairly large or complex and therefore only will benefit from an actual security test. To order a vulnerability test, please use the button below or in the top right corner.