Practice area

Managed Vulnerability Asessments

Managed Vulnerability Asessments
MWR’s Managed Vulnerability Assessments use a range of managed auditing and scanning services to transform your security position

Minimize risk and improve compliance

Annual penetration testing is a basic industry safeguard but how do you ensure system security for the rest of the year? Organizations need to fill the gaps by finding effective means to manage and monitor risk constantly.

MWR's Managed Vulnerability Assessments can be performed monthly, quarterly or ad-hoc to complement annual penetration testing. They combine toolsets with automated assessments, all supported by checks from a dedicated technical team.

We offer VA's as a customer-focused managed service, with adaptable scheduling, customized reporting and dedicated team to to verify validity. Results are delivered through MWR’s advanced Reporting and Security Management Portal, Fasthold.

"We use a suite of scanning tools to ensure complete and comprehensive results, giving our clients peace of mind in meeting their compliance obligations"

Carey Ryan, Service Delivery Manager

For our PCI services, MWR has Accredited Scanning Vendor (ASV) and Qualified Security Adviser (QSA) status.


Core Solutions

Vulnerability Assessments

By identifying known vulnerabilities attackers use to compromise systems, our scans provide essential data for patch management and other security measures

PCI ASV Scanning

This scanning reveals vulnerabilities in client payment card systems, in line with Payment Card Industry Data Security Standard (PCI DSS)

Web App Scanning

Detects common web app security problems such as XSS, SQL injection, Directory Traversal, insecure configurations, and remote command execution vulnerabilities

Wireless Security Scanning

Reveals rogue access points, as specified in section 11.1 of the PCI DSS standard (v1.2.1), that do not appear on your authorized device list

Our thinking on Managed Vulnerability Asessments


What is the point of Vulnerability Assessments?


FAQ - PCI Scanning


Scoping PCI Scans


How to not be PCI Compliant


Different Approaches to PCI Compliance


Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.