What is Vulnerability Assessment?

By -

Vulnerability Assessment is also sometimes referred to as Vulnerability Analysis. Vulnerability Assessment is a part of vulnerability testing also known as VAPT.

VAPT comprises of Vulnerability Assessment and Penetration Testing. Each of these tests is conducted separately, they have different methodologies and yield different results. Although both focus on the same area.

Vulnerability Assessment is the process of conducting security assessments to identify the loopholes in the system which can be exploited by an outsider. It also involves the process of prioritizing the identified loopholes to be fixed on the basis of urgency, importance, impact, effort and/or cost.

A business can assign a task for their own in-house security professionals and testers, or they can hire third party vendors who can also perform these tasks for them on regular basis, for a price.

Vulnerability Assessments Steps

The person in charge or the security professional is expected to take the following steps when conducting the assessment:

  • Classifying assets and resources
  • Mitigating or removing vulnerabilities with the highest impact for the most valuable resources
  • Identifying threats
  • Assigning importance and impact value to all resources and assets
  • Creating strategies

Vulnerability Scanners

In some cases, it is even possible to automate the process with the use of tools and applications which are referred to as vulnerability scanners.

Vulnerability scanners can run a quick or detailed scan over the system, network, mobile, websites. databases or applications and provide a report.

Vulnerability scanners are widely used as a part of vulnerability testing. Some of the well-known vulnerability scanners are Nmap, Nessus, Acunetix, Nikto, and Metasploit.


A very recent study by Trustwave reported that 1 in every 5 businesses didn’t perform tests for security vulnerabilities despite “95 percent of survey respondents reported encountering one of the dozen common security issues associated with security vulnerabilities“. The report was created after surveying 126 security professionals who were either knowledgeable or were responsible for their company’s security testing.

Vulnerability assessments and testing should be a mandatory exercise for every business, due to the growing cyber attacks. It also helps create an awareness within a company and reduces inside threats.

Feature Image Credit – Stevepb/Pixabay

Subscribe to our Mailing List
We promise to never spam.

Get all the interesting stories delivered straight to Inbox.

Darshik Jariwala is an IT Professional from Canada, with 3+ years of experience and knowledge in various verticals in the IT industry. In his leisure time, he loves writing Blogs, Reading, watching Movies, occasional Photography and most of all having coffee with friends. You can also befriend him on , and .

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.