03 Discovery

Know your real perimeter — and which fix will move the needle this sprint.

A continuous discovery and threat-modeling program. We tell you what is exposed, what an attacker would actually reach for, and which fix returns the most risk reduction per engineering hour.

Cadence: Continuous
Inputs: ASM · Code · Cloud · SBOM
Output: Prioritised backlog
Onboarding: 14 days
01 Overview

The unglamorous discipline that finds tomorrow's incident today.

Most vulnerability programs produce a 4,000-row spreadsheet that no engineer will ever read. We do the opposite: we surface the small number of issues that meaningfully change your risk posture, and we explain them in the language of the people who will fix them.

An Onidef vulnerability assessment is not a one-off scan — it is a continuous capability. We instrument your attack surface, your code, your cloud posture and your dependencies, then run a senior analyst across the signal weekly.

The output is not a CVE dump. It is a short, ranked list of what to fix this sprint, what to defer, and what to accept — with explicit reasoning. Each item is mapped to a piece of the threat model so you can explain to a regulator or a customer why something was prioritised the way it was.

We also keep a living threat model for your highest-value flows: authentication, payments, data export, admin escalation. The model is updated as architecture changes, not once a year for an audit.

02 How it runs

A continuous program, not a quarterly fire drill.

Onboarding takes two weeks. After that, the program is part of how your team ships software — quiet on calm days, loud when it needs to be.

  1. 01 · INSTRUMENT
    Onboarding & instrumentation
    Two-week onboarding to inventory assets, ingest cloud accounts, connect code repositories, set up SBOM pipelines and define your crown-jewel data flows.
  2. 02 · MODEL
    Threat model & baseline
    A structured threat model of your most sensitive flows. We document trust boundaries, abuse cases and accepted risks — kept under version control alongside your code.
  3. 03 · MONITOR
    Continuous monitoring
    Daily automated scans, weekly senior-analyst review. Drift, new exposures and emerging CVEs are correlated to your real attack surface — not flagged in the abstract.
  4. 04 · TRIAGE
    Triage & prioritisation
    Every finding is triaged by a senior practitioner against your threat model. Real risk is escalated; theatre is suppressed. Engineering teams receive a curated, sized backlog.
  5. 05 · ADVISE
    Remediation guidance
    Each ticket arrives with a written fix, a test for it, and an estimate. Where useful, we attach a draft pull request. Engineers can move on the work in the same sitting.
  6. 06 · REPORT
    Monthly trend & quarterly review
    Monthly trend report for security leads. Quarterly business review for executives — risk in business language, with a single chart of where the curve is going.
03 Deliverables

What you receive — every week, every month, every quarter.

A continuous program produces continuous artefacts. They are designed to drop into your existing tooling, not to create a parallel one.

01

Living threat model

A version-controlled document of trust boundaries, abuse cases and accepted risks — updated as your architecture changes.

02

Curated finding backlog

Direct integration with Jira, Linear or GitHub Issues. Each finding sized, prioritised, and accompanied by a written fix.

03

Attack-surface inventory

An always-current map of every internet-facing asset, certificate, exposed service and leaked credential associated with your organisation.

04

SBOM & supply-chain registry

Continuously generated, signed software bill of materials with transitive risk and remediation paths for every dependency tree.

05

Monthly trend report

Movement in mean-time-to-fix, finding density, exposure by service. Short, opinionated, two-pages-or-less by design.

06

Quarterly executive review

A working session with leadership. Where we are, where we are going, and what to defund or invest in for the next quarter.

04 Frequently asked

The questions about continuous programs.

If yours is not here, write to us. We will answer it in writing within one business day.

How is this different from a penetration test?
A penetration test is a focused, point-in-time exercise — typically 3–6 weeks. Vulnerability assessment is continuous: it watches the perimeter, the code and the cloud every day, and it prioritises engineering work in real time. The two are complementary; most of our clients use both.
Do you bring your own tooling, or use ours?
Either. We can deploy a stack we know and operate it for you, or we can run on your existing platforms (Wiz, Snyk, Semgrep, Tenable, Defender for Cloud, etc.). What matters is the senior judgement on top of the signal, not the brand of the scanner.
How quickly will I see actionable findings?
Within the first two weeks. Onboarding always surfaces things — forgotten subdomains, over-permissive cloud roles, exposed secrets. We will hand your team a small, high-impact backlog before the kickoff meeting’s ink is dry.
Can this replace our security team?
No, and we will not pretend otherwise. We extend a small in-house team or fill the role until you hire. We work best alongside an internal security lead — the work always lands better when there is someone accountable in your company.
How is this priced?
A monthly retainer based on attack-surface size, repository count and operating model. Onboarding fee is fixed. There is no per-asset metering and no surprise overage.
What if you find a critical issue?
Critical findings escalate within the hour to a named contact, through a pre-agreed channel. Where appropriate we will pause the program to focus on containment and bring in our incident response practice. There is no extra fee for that pivot — it is part of the retainer.

Find tomorrow's incident — this sprint.

A 30-minute call is enough to size a credible program. We will not pitch — we will ask about your last incident and the one you are most afraid of.