Vulnerability Assessment & Penetration Testing


Penetration testing includes components of application vulnerability assessment, host vulnerability assessment, and security best practices. This type of test can be performed with or without detailed prior knowledge of the environment. When it is performed without prior knowledge additional steps will be taken to enumerate hosts and applications and to assess the ease with which any outsider could exploit publicly available information or social engineering to gain unauthorized access.

A typical penetration test will answer minimum following questions:
  • Is your network, host or application(s) vulnerable for an attack from inside or outside?
  • Is there any unauthorized access to critical resources?
  • Are social engineering techniques effective?
  • Are operational controls effective?

A penetration tester would look and will try to find out answers for the following questions for a minimum level:
  • Are there any remotely exploitable vulnerabilities exist?
  • Are there any patch level missing (Operating System or Apps)?
  • Are there any unnecessary services that could compromise any valuable assets of the organisation?
  • Are there any weaknesses on encryption implemented?
  • Are there any authentication weaknesses on implementation?

Host Based assessment and Penetration testing

Host based assessment deals with security of given workstation or server. Automated scanning tools are the primary mode of assessment. Additional hands-on inspection may also be necessary to assess conformance to security best practice.

This will answer questions like:
  • Is patching up to date?
  • Are there any unnecessary services running?
  • Are anti-virus/anti-malware signatures up to date?

In host based test the penetration tester(s) would act as a Sys Admin, and auditing the system and applications looking for:

  • Locally exploitable vulnerabilities
  • Patch levels (OS and Apps)
  • Access rights
  • Security best practices

Our Branches


Phone: +965 22417158 / 22250008
Fax: +965 22417156


Phone: +971 042781090 / 042781091
Fax: +965 22417156