Computer Emergency Response Team of Mauritius
Vulnerability Scan & Pen Test
CERT-MU provides Vulnerability Assessment and Penetration Testing services.
Vulnerability scans assess computers, systems, and networks for security weaknesses, also known as vulnerabilities. These scans are typically automated and give a first look at what could be exploited.
After a vulnerability scan completes, a detailed report is created. Typically, these scans generate an extensive list of the vulnerabilities found, with references for further research on each vulnerability. Some even offer directions on how to fix the problem.
The report identifies potential weaknesses, but sometimes includes false positives. A false positive is when a scan identifies a threat that’s not real. Sifting through reported vulnerabilities and making sure they are real and not false positives can be a chore, but it is one that must be done. Luckily, a good scanner will rank vulnerabilities into risk groups (typically high, medium, or low) and will often assign a “score” to a vulnerability, so you can prioritize your search efforts on discovered items, starting with those of the highest potential risk.
A penetration test simulates a hacker attempting to get into a business system through hands-on research and the exploitation of vulnerabilities. Actual analysts, often called ethical hackers, search for vulnerabilities and then try to prove that they can be exploited. Using methods like password cracking, buffer overflow, and SQL injection, they attempt to compromise and extract data from a network in a non-damaging way.
Penetration tests are an extremely detailed and effective approach to finding and remediating vulnerabilities in software applications and networks. A good way to illustrate the benefits of a penetration test would be to use an analogy from the medical world. When something is wrong inside your body you can go get an X-ray to help diagnose your problem. The image produced by a simple X-ray machine can detect an obvious break in bone structure but is fuzzy and not good for seeing soft tissue damage. If you really want to find out in detail what might be going on inside a body, you need to have an MRI done that results in a detailed 3D model of bone and soft tissues together. That is similar to the difference between a simple vulnerability scan (fuzzy X-ray) and a penetration test (detailed MRI). If you really want to find deep issues in your application or network, you need a penetration test. And if you modify your systems and software over time, a regular penetration test is a great way to ensure continued security.