The process of evaluating the current security state Assets to find vulnerabilities that an attacker could exploit to gain unauthorized access to systems and information.
• Information gathering
• Assets Discovery
• Vulnerability Scanning
• Vulnerability Verification
• Removing false positive & Validations
• Exploitation & Post Exploitation (wherever possible and performed after customer approval)
Technical report, attack/vulnerability impact with mitigations guidelines/recommendations, revalidation test (if required), advisory