Practice area

Managed Vulnerability Asessments

Managed Vulnerability Asessments

MWR’s Managed Vulnerability Assessments use a range of managed auditing and scanning services to transform your security position

Minimize risk and improve compliance

Annual penetration testing is a basic industry safeguard but how do you ensure system security for the rest of the year? Organizations need to fill the gaps by finding effective means to manage and monitor risk constantly.

MWR's Managed Vulnerability Assessments can be performed monthly, quarterly or ad-hoc to complement annual penetration testing. They combine toolsets with automated assessments, all supported by checks from a dedicated technical team.

We offer VA's as a customer-focused managed service, with adaptable scheduling, customized reporting and dedicated team to to verify validity. Results are delivered through MWR’s advanced Reporting and Security Management Portal, Fasthold.

"We use a suite of scanning tools to ensure complete and comprehensive results, giving our clients peace of mind in meeting their compliance obligations"

Carey Ryan, Service Delivery Manager

For our PCI services, MWR has Accredited Scanning Vendor (ASV) and Qualified Security Adviser (QSA) status.


Core Solutions

Vulnerability Assessments

By identifying known vulnerabilities attackers use to compromise systems, our scans provide essential data for patch management and other security measures

PCI ASV Scanning

This scanning reveals vulnerabilities in client payment card systems, in line with Payment Card Industry Data Security Standard (PCI DSS)

Web App Scanning

Detects common web app security problems such as XSS, SQL injection, Directory Traversal, insecure configurations, and remote command execution vulnerabilities

Wireless Security Scanning

Reveals rogue access points, as specified in section 11.1 of the PCI DSS standard (v1.2.1), that do not appear on your authorized device list

Our thinking on Managed Vulnerability Asessments


What is the point of Vulnerability Assessments?


PCI DSS Version 3.1


PCI Compliance: which SAQ is right for me?


Testing Times: the importance of the right mix


Different Approaches to PCI Compliance


How to not be PCI Compliant


Scoping PCI Scans


FAQ - PCI Scanning



As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
We are certified in the ISO 9001 quality management system (QMS) in the UK, ensuring reliable delivery of our products and services.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR are approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.