
HMH Consultants & Security Services

London, UK & Houston, TX

Cyber Security Assessments

Network | Application | Data Breach | Scanning | Penetration | Research | Ransomware Simulation

The difference between a vulnerability scan and a penetration test

Vulnerability scans are great for a weekly, monthly, or quarterly insight into your network security, while penetration tests are a more thorough assessment of your overall information security posture.

Penetration tests can be conducted from both the internet and inside your own infrastructure, and at both the network and application level. Different tools look for different types of vulnerabilities to exploit and require very different skill sets from the consultant. At the network level the consultant needs to understand server and software configuration; at the application layer their skills are focused on code.

Vulnerability Scanning Assessment

A vulnerability scan is the first assessment we recommend.

We focus on conducting a dynamic assessment of the whole system, which is used to highlight potential security vulnerabilities and misconfigurations.

The report grades each vulnerability according to the Common Vulnerability Scoring System (CVSS). The vulnerabilities found in this scan are what a hacker looks for first, before launching a full attack.



External Infrastructure Assessment

This assessment is aimed at assessing the external, internet-facing infrastructure of the client's company.

This assessment is designed to highlight the vulnerabilities found in the system, grade them by severity, and indicate the footholds a hacker would find and then exploit to gain illegal access to your system.


Internal Infrastructure Assessment

This assessment is primarily aimed at identifying attack routes within the client’s system and local area network (LAN).

This is used to mirror a hacker’s methods and direction in the system once an initial foothold has been established.



Web Application Assessment

This assessment is the process of proactively identifying vulnerabilities within your company website or web applications. Such vulnerabilities could lead to the loss of sensitive, confidential and financial information while also allowing a hacker access into your system. This assessment can be done according to a scope of work or as a blind test designed to probe and explore all aspects of your web application security.


Data Breach Discovery Assessment

This assessment is performed by an intelligence analyst drawing on years of Open Source Intelligence (OSINT) and dark web investigation experience, and on knowledge of black market data sites, to gather information relating to personal and company data for sale and use in cyber crime. This includes, but is not limited to, sensitive documentation, company usernames and passwords, social security numbers and any other form of data that has formed part of a data breach.



Cloud Security Assessment

We can conduct authenticated assessments of your cloud-based environment to ensure you are compliant with the latest industry standards and protected against up-to-date threat actor TTPs. The assessment is based on the 50-step Mcaffrey cloud security plan and benchmarks against the likes of GDPR, FISMA, HIPAA, the MITRE AWS framework and more.


Ransomware Simulation Assessment

RANSIM, HMH’s ransomware simulator, is designed to test your systems’ response to that worst-case scenario.

The RANSIM simulator causes no damage or harm to your systems but does complete a thorough assessment for all weaknesses and injection points specifically used by the majority of ransomware tools used by bad actors.