What is Vulnerability scanning?

It’s a way of looking at your devices/networks from the perspective of identifying any known vulnerabilities. The combination of a vulnerability and a threat creates a risk, i.e. the threat may exploit the vulnerability.

Do I need vulnerability scanning, what does it do for me?

Would you leave the front door of your business open after you go home for the night? No. Only by closing and locking all the doors and windows, and giving them a push/pull will you be confident (assured) that the business is locked down. You might install an alarm for extra assurance, but what about the access you can’t see.

Your internet and Wifi connection in to your business or website can provide a high level of access to information that you need to protect. Only by locking and closing doors in the digital/Cyber sense can you be assured that access is denied to those who should not have access.

Under GDPR and good business risk management testing that you don’t have any known vulnerabilities (open windows/easily picked locks) is required as you have an obligation to protect personal information that you hold be it customer or employee.

It makes good sense to protect your business from malicious types who may just want to damage your hard earned reputation or gain competitive advantage.

Having your systems tested frequently meets the requirement for Data Protection, may be required for cyber insurance. Over and above that it reduces the business risk, stops your business being the low hanging fruit hackers just love.

Our ethos is that security must support your business, and be relative to the real risk, so we won’t be suggesting you as an SME spend a fortune to defend against a foreign state, or suggest that everything needs to be replaced. No, we don’t sell hardware or software so there is no upsell from us, we will suggest practical steps, updating of software, re-configuration things that are effective and offer the best bang for your buck!

What happens during a vulnerability scan?

That depends, you can choice to have just your website, your external office internet connection, email, telephone, or all the devices in your business, or maybe you want to see just how far your WiFi goes (along way sometimes).

The tester will agree with you what is called the scope of test, this defines what, when and how the items you have decided will be tested. You can dictate what an how or we can work with you to guide you what’s important and what’s not.

At this stage you will discuss things that must not be tested, and if all hell breaks loose what happens. We need authorisation* to do any testing which may mean you will have to approach your web host to let them know that your site is going to be tested. They should be ok with this, if not it’s important you find out why, is it because they know that they have known vulnerabilities!

Once the scope has been sorted and authorisation is in place work will begin, this could take an hour or weeks, it’s best not to rush into these things,  so you get can get the best results.

*we will not scan devices, equipment and networks without authoritative permission as to do so would contravene the Computer Misuse Act 1990.

What do I get once the vulnerability scan has been finished?

The result of a vulnerability scan is hundreds of pages of gobbledygook, some providers will give you this and that’s it, others like us will filter it so that the important details are brought to your attention i.e. the signal and the non important stuff is put to one side i.e noise.

You still will get the gobbledygook as it’s yours, but in addition we will provide you a report that is readable by a non techy  called the executive summary and the technical report, using this you can seek support from an external IT support provider or your own.

If all you really want is the gobbledygook we can provide just that.

You want to know your systems are as secure as possible, don’t you?

Nothing is ever 100% secure but it can have various level of un-securedness! You get to choose because in business you are accountable and responsible so it makes sense to reduce the risks and protect what you have worked hard to achive.


  • Internal device scanning
  • External IP address testing
  • Footprinting – determine what information is in the public domain
  • Gain access
  • Phishing test
  • Social Engineering

Weekly, Monthly, Bi-Monthly, Quarterly, Bi-annually, yearly testing also available

Now what?

If you would like a scan or a conversation, email us at scan@aggress.co.uk or click the button below, include as much detail as you think is relevant and we will get in contact with you.