Vulnerability Assessment
Systematic review of security weaknesses in your information systems. We evaluate susceptibility to all known vulnerability classes.
Vulnerability Assessment vs. Penetration Testing
A vulnerability assessment (VA) is broader but shallower than a penetration test. Where a pentest exploits vulnerabilities to demonstrate impact, a VA identifies and inventories every weakness across a defined scope, without exploitation.
This makes VAs ideal for:
- Large, complex environments where breadth matters more than depth
- Compliance requirements that mandate regular vulnerability scanning
- Pre-pentest preparation to reduce low-hanging fruit
- Organizations new to formal security assessments
Methodology
Discovery
We identify all in-scope assets — hosts, services, applications — through authenticated network scanning and OSINT.
Enumeration
Each identified service is fingerprinted and matched against:
- The National Vulnerability Database (NVD)
- OdiVex's proprietary threat intelligence feed
- Vendor security advisories and patch data
Risk Scoring
Every finding is assessed using CVSS v3.1 for the base score, which is then augmented with environmental factors specific to your architecture. We don't just give you a list; we tell you which findings to fix first and why.
Compliance Coverage
Our VA methodology maps findings to:
- PCI DSS 4.0 (Requirement 11.3)
- HIPAA Security Rule (§164.308(a)(8))
- ISO 27001:2022 (Control 8.8)
- SOC 2 (CC7.1)