Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we will discuss the concept of Vulnerability Assessment, Vulnerability Assessment phases, types of assessment, tools and other important aspects.
Vulnerability Assessment Concept: This is a fundamental task for a penetration tester to discover the vulnerabilities in an environment. Vulnerability assessment includes discovering weaknesses in an environment, design flaws and other security concerns which can cause an operating system, application or website to be misused. These vulnerabilities include misconfigurations, default configurations, buffer overflows, Operating System flaws, Open Services, and others. There are different tools available for network administrators and Pentesters to scan for vulnerabilities in a network. Discovered vulnerabilities are classified into three different categories based on their security levels, i.e., low, medium or high. furthermore, they can also be categorized as exploit range such as local or remote.
Vulnerability Assessment Vulnerability Assessment can be defined as a process of examination, discovery, and identification of system and applications security measures and weaknesses. Systems and applications are examined for security measures to identify the effectiveness of deployed security layer to withstand attacks and misuses. Vulnerability assessment also helps to recognize the vulnerabilities that could be exploited, need of additional security layers, and information’s that can be revealed using scanners.
Types of Vulnerability Assessments Active Assessments: Active Assessment is the process of Vulnerability Assessment which includes actively sending requests to the live network and examining the responses. In short, it is the process of assessment which requires probing the target host.
Passive Assessments: Passive Assessment is the process of Vulnerability Assessment which usually includes packet sniffing to discover vulnerabilities, running services, open ports and other information. However, it is the process of assessment without interfering the target host.
External Assessment: Another type in which Vulnerability assessment can be categorized is an External assessment. It the process of assessment with hacking's perspective to find out vulnerabilities to exploit them from outside.
Internal Assessment: This is another technique to find vulnerabilities. Internal assessment includes discovering vulnerabilities by scanning internal network and infrastructure.
The online FancyText generator will make your words stand out when posting on social media.