Vulnerability Assessment (VA)

Vulnerability Assessment (VA) is the process of defining, identifying, classifying and prioritizing vulnerabilities in IT infrastructure (computer systems and network infrastructure) and applications. It helps an organization understand the threats to its environment, estimate the resulting risk, and fix the most serious problems first before moving on to lower-risk issues. A vulnerability assessment does not include actual exploitation of the vulnerabilities it finds (which an attacker would attempt once such a vulnerability is discovered), so the assessment itself carries little risk of harming the existing environment.

Steps of Performing Vulnerability Assessment

Vulnerability assessment can be divided into four steps.

1- Initial Assessment

Identify the assets, their value and their criticality to the business. Also identify the vulnerability assessment tools and techniques to be used, following the guidelines of the vulnerability assessment policy.

Evaluate the risk associated with the vulnerability scan itself: for example, what happens if the scan damages an asset (some scanner checks can crash fragile services), and prepare a strategy to restore the asset to its original state.

Coordinate the timing of the vulnerability assessment with the asset owner.

2- Reconnaissance

Gather information about the asset. This data is gathered to better plan the assessment. Reconnaissance can be performed actively (you interact directly with the target, for example by probing its open ports) or passively (the information is obtained through an intermediary, such as public DNS records or search engines, without touching the target).

3- Scanning

Scanning applies technical tools to gather further intelligence about the target, but here the intelligence sought concerns the systems the target has in place and the weaknesses they expose. A good example is running a vulnerability scanner against the target network. Scanner output should be reviewed for false positives before it is reported.

4- Reporting

Reporting is the most important step. Pay attention to the details and add extra value in the recommendations. To get real value from the final report, include recommendations and risk mitigation techniques based on the criticality of the assets, the scan results and the goals set in the initial assessment.

Categorize your findings according to the vulnerability assessment policy. The policy normally defines the criticality levels, such as High, Medium and Low, which lets others recognize the level of each finding easily.
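The following script ties the steps together: it takes the asset inventory with business criticality from the initial assessment (step 1), the raw findings a vulnerability scanner would export (step 3), and produces the categorized, prioritized report (step 4). It is an added example, not code from the original article or from any scanner product. The asset inventory, the findings, the CVSS scores and the High/Medium/Low thresholds are all constructed for illustration; the thresholds stand in for whatever the organization's vulnerability assessment policy defines. The CVSS qualitative ratings (None/Low/Medium/High/Critical) follow the CVSS v3.x specification. Hosts that appear in scan results but not in the inventory are treated as worst-case criticality and flagged, since an unknown asset is itself a finding.

```python
"""Prioritise vulnerability-scan findings by asset criticality and severity.

Added example, not part of the original article. All data below is
constructed: the asset register, the scanner findings and the policy
thresholds would come from the organisation's own inventory, scanner
export and vulnerability assessment policy.
"""

# Step 1 (initial assessment): asset inventory with business criticality
# on a 1 (low) to 3 (high) scale. Constructed sample data.
ASSETS = {
    "10.0.0.5":  {"name": "payments-db",   "criticality": 3},
    "10.0.0.9":  {"name": "intranet-wiki", "criticality": 1},
    "10.0.0.12": {"name": "vpn-gateway",   "criticality": 3},
}

# Step 3 (scanning): findings as a scanner would export them
# (host, finding title, CVSS v3 base score). Constructed sample data;
# the titles are generic descriptions, not real scanner plugin names.
FINDINGS = [
    {"host": "10.0.0.5",  "title": "Database listener accepts unencrypted connections", "cvss": 5.3},
    {"host": "10.0.0.9",  "title": "Outdated CMS version",                              "cvss": 7.5},
    {"host": "10.0.0.12", "title": "Remote code execution in VPN daemon",               "cvss": 9.8},
    {"host": "10.0.0.9",  "title": "Directory listing enabled",                         "cvss": 4.3},
    {"host": "10.0.0.77", "title": "SMB signing not required",                          "cvss": 5.3},
]

# Hypothetical policy: risk score = CVSS base score x asset criticality
# (maximum 10 x 3 = 30); a finding is High at >= 20, Medium at >= 10, else Low.
POLICY_THRESHOLDS = [("High", 20.0), ("Medium", 10.0), ("Low", 0.0)]

# A host missing from the inventory gets worst-case criticality until its
# owner confirms what it is (assumption made for this example).
UNKNOWN_ASSET_CRITICALITY = 3


def cvss_rating(cvss):
    """CVSS v3.x qualitative severity rating for a base score."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS base score out of range: {cvss}")
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def risk_level(score, thresholds=POLICY_THRESHOLDS):
    """Map a risk score onto the policy's High/Medium/Low levels."""
    for level, minimum in thresholds:
        if score >= minimum:
            return level
    return thresholds[-1][0]


def prioritise(findings, assets):
    """Combine scanner findings with asset criticality; highest risk first."""
    rows = []
    for f in findings:
        asset = assets.get(f["host"])
        if asset is None:
            name, crit = "UNKNOWN", UNKNOWN_ASSET_CRITICALITY
            note = "host not in asset inventory; confirm owner"
        else:
            name, crit, note = asset["name"], asset["criticality"], ""
        score = round(f["cvss"] * crit, 1)
        rows.append({
            "host": f["host"], "asset": name, "criticality": crit,
            "title": f["title"], "cvss": f["cvss"],
            "severity": cvss_rating(f["cvss"]),
            "risk_score": score, "risk_level": risk_level(score), "note": note,
        })
    # Sort by risk score, then by raw CVSS; Python's sort is stable so ties
    # keep scanner order.
    rows.sort(key=lambda r: (-r["risk_score"], -r["cvss"]))
    return rows


def render_report(rows):
    """Step 4 (reporting): plain-text report grouped by policy level."""
    lines = []
    for level in ("High", "Medium", "Low"):
        group = [r for r in rows if r["risk_level"] == level]
        lines.append(f"== {level} ({len(group)}) ==")
        for r in group:
            line = (f"{r['risk_score']:>5}  {r['host']:<10} {r['asset']:<13} "
                    f"crit={r['criticality']} CVSS={r['cvss']} ({r['severity']})  {r['title']}")
            if r["note"]:
                line += f"  [{r['note']}]"
            lines.append(line)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(prioritise(FINDINGS, ASSETS)))
```

Note how the weighting changes the order relative to the raw scanner severity: the outdated CMS (CVSS 7.5) on the low-criticality wiki lands in the Low bucket, below the Medium-severity database finding on the payments system, which is exactly the asset-criticality adjustment the initial assessment exists to provide. The unknown host 10.0.0.77 is reported at worst-case criticality with a note, so it is not silently dropped.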