wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Vulnerability Assessment

profile
Neha koli
Sep 03, 2022
0 Likes
0 Discussions
198 Reads

What Is Vulnerability Assessment: -

A vulnerability assessment is a systematic review of security weaknesses in an information system.A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructure.

Vulnerability assessments also provide an organization with the necessary knowledge, awareness and risk backgrounds to understand and react to threats to its environment.

Examples of threats that can be prevented by vulnerability assessment include:
1 SQL injection, XSS and other code injection attacks.
2 Escalation of privileges due to faulty authentication mechanisms.
3 Insecure defaults – software that ships with insecure settings, such as a 
guessable admin password.

types of vulnerability assessments :-

 Host assessment – The assessment of critical servers, which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image.

 Network and wireless assessment – The assessment of policies and 
practices to prevent unauthorized access to private or public networks and network accessible resources.

 Database assessment – The assessment of databases or big data systems for vulnerabilities and misconfigurations, identifying rogue databases or insecure dev/test environments, and classifying sensitive data across an organization’s infrastructure.

Application scans :– The identifying of security vulnerabilities in web applications and their source code by automated scans on the front-end or static/dynamic analysis of source code.

Vulnerability assessment: - Security scanning process

The security scanning process consists of four steps: testing, analysis, assessment and remediation.

 Vulnerability identification (testing):-
The objective of this step is to draft a comprehensive list of an application’s vulnerabilities. Security analysts test the security health of applications, servers or other systems by scanning them with automated tools, or testing and evaluating them manually.

Analysts also rely on vulnerability databases, vendor vulnerability announcements, asset management systems and threat feeds to identify security weaknesses.
 Vulnerability analysis:-
The objective of this step is to identify the source and root cause of the 
vulnerabilities identified in step one.
It involves the identification of system components responsible for each vulnerability, and the root cause of the vulnerability. For example, the root cause of a vulnerability could be an old version of an open source library. This provides a clear path for remediation – upgrading the library.
 Risk assessment:-
The objective of this step is the prioritizing of vulnerabilities. It involves security 
analysts assigning a rank or severity score to each vulnerability, based on such 
factors as:

1. Which systems are affected.
2. What data is at risk.
3. Which business functions are at risk.
4. Ease of attack or compromise.
5. Severity of an attack.
6. Potential damage as a result of the vulnerability

Remediation:-
The objective of this step is the closing of security gaps. It’s typically a joint effort by security staff, development and operations teams, who determine the most effective path for remediation or mitigation of each vulnerability.
Specific remediation steps might include:
1. Introduction of new security procedures, measures or tools.
2. The updating of operational or configuration changes.
3. Development and implementation of a vulnerability patch

 Vulnerability assessment tools:-
Vulnerability assessment tools are designed to automatically scan for new and 
existing threats that can target your application. Types of tools include:
1. Web application scanners that test for and simulate known attack patterns.
2. Protocol scanners that search for vulnerable protocols, ports and network 
services.
3. Network scanners that help visualize networks and discover warning signals 
like stray IP addresses, spoofed packets and suspicious packet generation from a single IP address.
It is a best practice to schedule regular, automated scans of all critical IT systems. 
The results of these scans should feed into the organization’s ongoing vulnerability 
assessment process.

Vulnerability assessment and WAF(Web application firewall):-
Imperva’s web application firewall helps protect against application vulnerabilities 
in several ways:
1. As a gateway for all incoming traffic, it can proactively filter out malicious 
visitors and requests, such as SQL injections and XSS attacks. This 
eliminates the risk of data exposure to malicious actors.
2. It can perform virtual-patching — the auto-applying of a patch for a newly 
discovered vulnerability at the network edge, giving developers and IT teams 
the opportunity to safely deploy a new patch on the application without 
concern.
3. Our WAF provides a view of security events. Attack Analytics helps 
contextualize attacks and expose overarching threats, 


Comments ()


Sign in

Read Next

To-Do List In LISP

Blog banner

Does School Infrastructure Really Matter For Learning?

Blog banner

This Windows 11 encryption bug may cause data damage

Blog banner

Power of words

Blog banner

Microsoft Windows Overview

Blog banner

INTERRUPTS

Blog banner

Why Extreme Opinions Are Rising: Psychological Insights into Society’s Divides

Blog banner

Explain the concept of ( MIS) Management information systems

Blog banner

Why Progressive Web Apps (PWAs) Are Replacing Traditional Websites

Blog banner

DISK SCHEDULING

Blog banner

Hello World

Blog banner

(Input/Output) in os

Blog banner

GUIDE TO GIS

Blog banner

What Is Experiential Learning and Why Does It Work Better Than Rote Learning?

Blog banner

Sweet Mango Murabba

Blog banner

City of Mumbai (Bombay):

Blog banner

What Makes a School Safe, Supportive, and Student-Friendly

Blog banner

Puri Jagannath temple

Blog banner

Navigation With Indian Constellation(NavIC) by ISRO in Geographic Information Systems

Blog banner

RAID

Blog banner

The Lunchbox That Came Back Untouched — How to Handle a Fussy Eater at Preschool Age

Blog banner

What is service level Agreement?

Blog banner

Philadelphia Experiment : Was it real?

Blog banner

Access management

Blog banner

Building Confidence in Children Through Daily Routines and Play

Blog banner

Zero-Day Attack

Blog banner

I/O Management and Disk Scheduling

Blog banner

MY MOST THRILLED TREK ..... BHAIRAVGAD

Blog banner

Processes: Process Description and Control.

Blog banner

Footprinting

Blog banner

Models of Information Security.

Blog banner

Health and fitness

Blog banner

Scala - a programming tool

Blog banner

Challenges of Digital forensics in cloud computing environment

Blog banner

Data Security and Data Privacy in Data Science

Blog banner

Starvation

Blog banner

Women empowerment

Blog banner

OPERATING SYSTEM

Blog banner

Study on cyber and network forensic in computer security management

Blog banner

Product Discount Calculator

Blog banner

Service Transition Process in ITSM

Blog banner

TOP 5 GAMING GADGETS (2024)

Blog banner