Vulnerability Assessment
Identifying and evaluating security weaknesses in systems
Vulnerability Assessment is the process of identifying, quantifying, and prioritizing security vulnerabilities in systems, networks, and applications.
Assessment Types
- Network Vulnerability Scanning - Discovering network-level weaknesses
- Host-Based Assessment - Evaluating individual system security
- Application Scanning - Identifying software vulnerabilities
- Database Assessment - Checking database security configurations
- Cloud Assessment - Evaluating cloud infrastructure security
Assessment Process
- Asset Discovery - Identifying systems and services
- Vulnerability Identification - Scanning for known weaknesses
- Analysis - Evaluating severity and exploitability
- Prioritization - Ranking vulnerabilities by risk
- Reporting - Documenting findings and recommendations
- Remediation Tracking - Following up on fixes
Vulnerability Scoring
- CVSS - Common Vulnerability Scoring System
- CVE - Common Vulnerabilities and Exposures
- CWE - Common Weakness Enumeration
- EPSS - Exploit Prediction Scoring System
Tools
- Nessus, Qualys, Rapid7 Nexpose
- OpenVAS, Nikto
- Burp Suite, OWASP ZAP
- Nmap, Masscan
- Cloud-native scanning tools
