New systems, legacy systems and everything in between have vulnerabilities at various levels: some small and trivial, others large and catastrophic; some hidden, others left brazenly (usually unwittingly) open.
The result resembles a buffet table with plenty of pickings for malicious hackers and other actors trying to get at the data you want to safeguard.
If you have not done a vulnerability assessment in the recent past, there is a high probability that your systems have weaknesses that can be exploited. Period.
If you recently wrote or deployed new code, there is a high chance that security vulnerabilities have crept into it.
The simple path for mitigation of existing security risk is:
The preventive mechanism to reduce security risk is:
For existing systems and applications that have not been assessed or Pen Tested in the recent past, you can speed up the process by running a Pen Test, whose findings double as a first-pass vulnerability assessment.
The high-priority (high-risk) vulnerabilities uncovered by this baptism-by-fire method should be addressed first. If required, a full vulnerability assessment can be undertaken later to uncover other chinks in the armor and further risk areas to fix.
Whether you do the vulnerability assessment first or the Pen Test first, the goal should be clear: prioritize and fix the high-risk security flaws.
Do remember to re-run the Pen Test after deploying the fixes, to verify what has actually been fixed and to catch any new weaknesses that the fixes themselves introduced.
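The prioritize-fix-retest loop above is easy to state and easy to get wrong in practice: findings are usually tracked in a spreadsheet, and "fixed" often means "nobody looked again". The following script is an added example, not code from this page or from AgileSoft Systems. It takes two scan reports (a baseline Pen Test and a re-test after fixes), ranks findings by CVSS base score using the CVSS v3 qualitative severity scale, and diffs the two runs so you get three lists: what was actually fixed, what remains, and what the fixes introduced. The finding fields, the check identifiers and the sample reports are constructed for illustration and are not the output of any particular scanner.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Finding:
    """One scanner finding. Field layout is an assumption for this example,
    not a real scanner's schema."""
    host: str
    location: str   # port (e.g. "tcp/443") or URL path
    check_id: str   # scanner check / plugin identifier (constructed names below)
    title: str
    cvss: float     # CVSS base score, 0.0 - 10.0


FindingKey = Tuple[str, str, str]


def key(f: Finding) -> FindingKey:
    """A finding is 'the same' across runs if host, location and check match."""
    return (f.host, f.location, f.check_id)


def severity(cvss: float) -> str:
    """Map a CVSS base score to the CVSS v3 qualitative severity rating."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    if cvss > 0.0:
        return "Low"
    return "None"


def prioritize(findings: Iterable[Finding]) -> List[Finding]:
    """Highest CVSS first; ties broken by host and location for a stable order."""
    return sorted(findings, key=lambda f: (-f.cvss, f.host, f.location))


def compare(baseline: Iterable[Finding], retest: Iterable[Finding]) -> Dict[str, List[Finding]]:
    """Diff two scan runs. 'fixed' is only what disappeared on re-test;
    'new' catches weaknesses the fixes themselves introduced."""
    base = {key(f): f for f in baseline}
    after = {key(f): f for f in retest}
    return {
        "fixed": prioritize(f for k, f in base.items() if k not in after),
        "remaining": prioritize(f for k, f in after.items() if k in base),
        "new": prioritize(f for k, f in after.items() if k not in base),
    }


def unresolved_high_risk(report: Dict[str, List[Finding]], threshold: float = 7.0) -> List[Finding]:
    """Everything still open at or above the threshold (default: CVSS High)."""
    return [f for f in report["remaining"] + report["new"] if f.cvss >= threshold]


# Constructed sample reports (not real scan output).
BASELINE = [
    Finding("app01", "tcp/8080", "default-creds", "Admin console uses default credentials", 9.8),
    Finding("app01", "tcp/443", "tls-legacy", "TLS 1.0 enabled", 5.3),
    Finding("db01", "tcp/3306", "db-exposed", "Database listening on all interfaces", 7.5),
    Finding("app01", "tcp/80", "banner", "Server version banner disclosed", 3.1),
]
RETEST = [
    Finding("app01", "tcp/443", "tls-legacy", "TLS 1.0 enabled", 5.3),
    Finding("app01", "tcp/80", "banner", "Server version banner disclosed", 3.1),
    Finding("db01", "tcp/3306", "db-unencrypted", "Database accepts unencrypted connections", 6.5),
]


def print_report(report: Dict[str, List[Finding]]) -> None:
    for section in ("fixed", "remaining", "new"):
        print(f"== {section} ==")
        for f in report[section]:
            print(f"  [{severity(f.cvss):8}] {f.cvss:4.1f} {f.host} {f.location} {f.check_id}: {f.title}")
    open_high = unresolved_high_risk(report)
    print(f"Unresolved High/Critical findings: {len(open_high)}")


if __name__ == "__main__":
    print_report(compare(BASELINE, RETEST))
```

The "new" list is the part most teams skip: in the sample, the database exposure was fixed but the re-test surfaced a different weakness on the same service, which a simple "is the old finding gone?" check would never show. Use `unresolved_high_risk` as the gate for signing off a remediation cycle.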
At AgileSoft Systems, we provide a full array of vulnerability assessment and Pen Test services using open source tools for applications in Linux and Windows environments.