Vulnerability Assessment is sometimes also referred to as Vulnerability Analysis. It is one part of vulnerability testing, also known as VAPT.
VAPT comprises Vulnerability Assessment and Penetration Testing. The two tests are conducted separately, follow different methodologies and yield different results, although both focus on the same area.
Vulnerability Assessment is the process of conducting security assessments to identify the loopholes in the system which can be exploited by an outsider. It also involves the process of prioritizing the identified loopholes to be fixed on the basis of urgency, importance, impact, effort and/or cost.
A business can assign the task to its own in-house security professionals and testers, or it can hire third-party vendors to perform these tasks on a regular basis, for a price.
Vulnerability Assessment Steps
The person in charge or the security professional is expected to take the following steps when conducting the assessment:
- Classifying assets and resources
- Mitigating or removing vulnerabilities with the highest impact for the most valuable resources
- Identifying threats
- Assigning importance and impact value to all resources and assets
- Creating strategies
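The prioritization these steps describe (asset value, impact, and the effort or cost of a fix), as an added example that is not part of the original article. The 1 to 5 scales, the asset names, the findings and the multiply-then-sort scoring are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed sample inventory: asset -> business value (1 = low, 5 = critical).
ASSET_VALUE = {"payroll-db": 5, "public-website": 3, "test-server": 1}

@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    impact: int  # 1 (minor) .. 5 (severe) if the weakness is exploited
    effort: int  # 1 (quick fix) .. 5 (major work) to remediate

# Constructed findings, as they might be summarised from an assessment report.
FINDINGS = [
    Finding("test-server", "Remote code execution in outdated service", 5, 2),
    Finding("payroll-db", "Default administrative password", 4, 1),
    Finding("public-website", "Missing security headers", 2, 1),
    Finding("payroll-db", "Unencrypted backups", 4, 4),
    Finding("public-website", "SQL injection in search form", 5, 3),
]

def risk_score(finding, asset_value):
    """Assumed scoring: value of the asset times impact of the vulnerability."""
    if finding.asset not in asset_value:
        # An asset that was never classified cannot be ranked; fail loudly.
        raise KeyError(f"unclassified asset: {finding.asset}")
    return asset_value[finding.asset] * finding.impact

def prioritize(findings, asset_value):
    """Highest risk first; among equal risk, the cheaper fix comes first."""
    return sorted(findings,
                  key=lambda f: (-risk_score(f, asset_value), f.effort, f.title))

def remediation_plan(findings, asset_value, effort_budget):
    """Walk the ranked list and take every fix that still fits the budget."""
    plan, remaining = [], effort_budget
    for f in prioritize(findings, asset_value):
        if f.effort <= remaining:
            plan.append(f)
            remaining -= f.effort
    return plan

if __name__ == "__main__":
    for f in prioritize(FINDINGS, ASSET_VALUE):
        print(f"{risk_score(f, ASSET_VALUE):>2}  effort={f.effort}  {f.asset}: {f.title}")
```

In this sample the most severe finding by impact alone, on the low-value test server, ranks last, while both payroll database findings rank first.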
In some cases, it is even possible to automate the process with the use of tools and applications which are referred to as vulnerability scanners.
Vulnerability scanners can run a quick or detailed scan over the system, network, mobile, websites, databases or applications and provide a report.
Vulnerability scanners are widely used as a part of vulnerability testing. Some of the well-known vulnerability scanners are Nmap, Nessus, Acunetix, Nikto, and Metasploit.
A very recent study by Trustwave reported that 1 in every 5 businesses didn’t perform tests for security vulnerabilities, even though “95 percent of survey respondents reported encountering one of the dozen common security issues associated with security vulnerabilities”. The report was created after surveying 126 security professionals who were either knowledgeable about or responsible for their company’s security testing.
Vulnerability assessments and testing should be a mandatory exercise for every business, given the growing number of cyber attacks. They also help create awareness within a company and reduce insider threats.