Vulnerability assessment (computing)

Last updated April 13, 2022

Vulnerability assessment is a process of defining, identifying and classifying the security holes in information technology systems. An attacker can exploit a vulnerability to violate the security of a system. Some known vulnerabilities are Authentication Vulnerability, Authorization Vulnerability and Input Validation Vulnerability.^[1]

Purpose

Before deploying a system, it first must go through from a series of vulnerability assessments that will ensure that the build system is secure from all the known security risks. When a new vulnerability is discovered, the system administrator can again perform an assessment, discover which modules are vulnerable, and start the patch process. After the fixes are in place, another assessment can be run to verify that the vulnerabilities were actually resolved. This cycle of assess, patch, and re-assess has become the standard method for many organizations to manage their security issues.

The primary purpose of the assessment is to find the vulnerabilities in the system, but the assessment report conveys to stakeholders that the system is secured from these vulnerabilities. If an intruder gained access to a network consisting of vulnerable Web servers, it is safe to assume that he gained access to those systems as well.^[2] Because of assessment report, the security administrator will be able to determine how intrusion occurred, identify compromised assets and take appropriate security measures to prevent critical damage to the system.

Assessment types

Depending on the system a vulnerability assessment can have many types and level.

Host assessment

A host assessment looks for system-level vulnerabilities such as insecure file permissions, application level bugs, backdoor and Trojan horse installations. It requires specialized tools for the operating system and software packages being used, in addition to administrative access to each system that should be tested. Host assessment is often very costly in term of time, and thus is only used in the assessment of critical systems. Tools like COPS and Tiger are popular in host assessment.

Network assessment

In a network assessment one assess the network for known vulnerabilities. It locates all systems on a network, determines what network services are in use, and then analyzes those services for potential vulnerabilities. This process does not require any configuration changes on the systems being assessed. Unlike host assessment, network assessment requires little computational cost and effort.

Vulnerability assessment vs penetration testing

Vulnerability assessment and penetration testing are two different testing methods. They are differentiated on the basis of certain specific parameters.

Vulnerability assessment vs Penetration testing^[3]
	Vulnerability Scan	Penetration Test
How often to run	Continuously, especially after new equipment is loaded	Once a year
Reports	Comprehensive baseline of what vulnerabilities exist and changes from the last report	Short and to the point, identifies what data was actually compromised
Metrics	Lists known software vulnerabilities that may be exploited	Discovers unknown and exploitable exposures to normal business processes
Performed by	In house staff, increases expertise and knowledge of normal security profile.	Independent outside service
Expense	Low to moderate: about $1200 / yr + staff time	High: about $10,000 per year outside consultancy
Value	Detective control, used to detect when equipment is compromised	Preventative control used to reduce exposures

Related Research Articles

A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. These scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detection of vulnerabilities arising from mis-configurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc. Modern vulnerability scanners allow for both authenticated and unauthenticated scans. Modern scanners are typically available as SaaS ; provided over the internet and delivered as a web application. The modern vulnerability scanner often has the ability to customize vulnerability reports as well as the installed software, open ports, certificates and other host information that can be queried as part of its workflow.

Nessus is a proprietary vulnerability scanner developed by Tenable, Inc.

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. An ethical hacker is always on the lookout for flaws in a company's network and works to strengthen it. Contrasted with the black hat, a malicious hacker, the name comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

Vulnerability (computing) Exploitable weakness in a computer system

Vulnerabilities are flaws in a computer system that weakens the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface.

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

An information security audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized to technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas.

The Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The Open Web Application Security Project (OWASP) provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.

Application security Measures taken to improve the security of an application

Application security includes all tasks that introduce a secure software development life cycle to development teams. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security issues within applications. It encompasses the whole application life cycle from requirements analysis, design, implementation, verification as well as maintenance.

Security testing The process of finding flaws in the security of information systems

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing the security testing process is not an indication that no flaws exist or that the system adequately satisfies the security requirements.

Database security concerns the use of a broad range of information security controls to protect databases against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical.

Network access control (NAC) is an approach to computer security that attempts to unify endpoint security technology, user or system authentication and network security enforcement.

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes.

SAINT is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities.

Sentrigo was a privately held software company located in Santa Clara, California, USA, until its acquisition in April, 2011 by McAfee.

H. D. Moore is a network security expert, open source programmer, and hacker. He is a developer of the Metasploit Framework, a penetration testing software suite, and the founder of the Metasploit Project.

IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.:

Web application firewall HTTP specific network security system

A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration.

The following outline is provided as an overview of and topical guide to computer security:

Security, as part of the software development process, is an ongoing process involving people and practices, and ensures application confidentiality, integrity, and availability. Secure software is the result of security aware software development processes where security is built in and thus software is developed with security in mind.

Code Dx refers to both a software company and its flagship product, a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools.

References

↑ "Category:Vulnerability - OWASP". www.owasp.org. Retrieved 2016-12-07.
↑ "Vulnerability Assessment" (PDF). www.scitechconnect.elsevier.com. Retrieved 2016-12-07.
↑ "Penetration Testing vs. Vulnerability Scanning". www.tns.com. Retrieved 2016-12-07.

External links

Dowd; McDonald; Schuh (2007). The art of software security assessment : identifying and preventing software vulnerabilities (PDF). Indianapolis, Ind.: Addison-Wesley. ISBN 978-0-321-44442-4. OCLC 70836623. Archived from the original (PDF) on 2020-10-08.
List of known Vulnerabilities

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Category:Vulnerability - OWASP". www.owasp.org. Retrieved 2016-12-07.

[2] "Vulnerability Assessment" (PDF). www.scitechconnect.elsevier.com. Retrieved 2016-12-07.

[3] "Penetration Testing vs. Vulnerability Scanning". www.tns.com. Retrieved 2016-12-07.

[1]

[2]

[3]