What is Vulnerability Assessment?

--> A vulnerability is a weakness in a system.

--> Vulnerability assessment is the process of testing the network and the information systems for security vulnerabilities in a consistent and repeatable manner.

--> It is an important job of an organization's security team to keep up to date with the latest security vulnerabilities that could threaten the network and information systems.

--> The vulnerability assessment process typically includes four activities:

i) Device Discovery

ii) Service Enumeration (checking which ports are open on the device).

iii) Scanning (checking for configuration issues, software bugs, unwanted services and missing patches).

iv) Validation (verifying all the parameters).



--> Security professionals should perform a vulnerability assessment in the following cases:

i) When new technology, software or hardware is to be deployed in the organization.

ii) When software updates or hardware updates are released.



--> The security team in the organization should frequently check CVSS (Common Vulnerability Scoring System) scores to understand specific vulnerability characteristics and severity.

--> CVSS is an open framework for describing the characteristics and severity of software vulnerabilities.

--> CVSS scoring helps security professionals prioritize specific vulnerabilities by vendor-defined severity, environmental impact, and exploitability.



--> Common open source tools used to perform vulnerability assessment include Metasploit and OpenVAS.



Md.Kareemoddin

CCIE # 54759
