My VULNERABILITY ASSESSMENTS deals with defining, identifying, classifying, and prioritizing vulnerabilities in computer systems, applications, and network infrastructure. I focus on the offering to businesses and industries the knowledge, awareness, and risk background to understand the threats to domain environments.
Most of the time, vulnerability assessments are required to accomplish compliance regulations as HIPAA, Sarbanes-Oxley, and PCI-DSS. The disadvantage of a vulnerability assessment is that it does not confirm if the found vulnerabilities are false positives and false negatives. Also, there are very dangerous misconfiguration that can only be found through manual testing.
My PENETRATION TESTING procedures are designed to secure the environments after finding, confirming, and patching found vulnerabilities; vulnerability assessments are designed to report possible vulnerabilities.
Some networks and systems are mature enough to run a penetration testing; others need to focus on running a vulnerability assessment to have an idea and starting point in relation to the security levels. Either way, I am here to help, do not hesitate to me.