The first step in creating an effective defense is figuring out where the vulnerabilities are in the system. Without this knowledge it is impossible to plan. Yoroi vulnerability assessment service provides an advanced analysis of the client's infrastructure vulnerabilities, assessing both the risks related to the business and the complexity of possible remedial actions, allowing the management to take the right decisions and set up a proper security plan. A vulnerability is the passage for threats to get into the system and manifest themselves. The main purpose of a vulnerability assessment is to identify, quantify and evaluate priorities and impacts of vulnerabilities within the client's assets. The main vulnerabilities detected during the assessment are: wrong configurations, outdated systems, default configurations. Yoroi assessment is carried on by both automated tools and our analysts. There are three different levels of service offered: not invasive, invasive and invasive plus attack. The not invasive option is based on external information gathering, which is usually the first stage of a cyber attack. The invasive option adopts a more in depth analysis, interrogating the assessed machines through ICMP, TCP or UDP. The next level is to add to the invasive approach an attack simulation in order to obtain reserved information and access to the system. At the end of the vulnerability assessment, Yoroi's team delivers an important tool for any organisation: a report listing identified vulnerabilities, priorities and risks.