Lec 4 - Vuln Assessment

Uploaded by

Muhammmad Awais

Vulnerability assessment

14 jul 23
Vulnerability Assessment
• A vulnerability assessment is the testing process used to identify and
assign severity levels to as many security defects as possible in a
given timeframe
• This process may involve automated and manual techniques
• It is a systematic process of identifying and evaluating vulnerabilities
in computer systems, networks, and applications
• Vulnerability testing helps organizations to identify vulnerabilities in
their software, hosts, application, network and supporting
infrastructure before a compromise
Vulnerability Assessment solutions
• Vulnerability Scanners: Vulnerability scanners are automated tools that scan networks,
systems, or applications to identify known vulnerabilities. They analyze configurations,
software versions, and patch levels to generate reports highlighting potential vulnerabilities
• Web Application Scanners: Web application scanners focus specifically on identifying
vulnerabilities in web applications, including common issues like SQL injection, cross-site
scripting (XSS), or insecure authentication mechanisms. They simulate attacks and provide
detailed reports on vulnerabilities found
• Network Vulnerability Assessment Tools: Network vulnerability assessment tools analyze
network devices, such as routers, switches, firewalls, and identify vulnerabilities in their
configurations. They assess network security settings and policies to uncover potential
weaknesses
• Continuous Monitoring Solutions: Continuous monitoring solutions provide ongoing
vulnerability assessment and monitoring capabilities. They continuously scan systems,
networks, or applications for vulnerabilities, and can often integrate with other security
tools for real-time threat detection and response
• Threat Intelligence Platforms: These platforms leverage threat intelligence feeds and data
to assess vulnerabilities in the context of emerging threats. They provide insights into
potential vulnerabilities that could be targeted by specific threats or attack campaigns
Objectives
• Primary goal of a vulnerability assessment is to discover vulnerabilities
before they are exploited, allowing organizations to take proactive
measures to mitigate
• Identify vulnerabilities ranging from critical design flaws to simple
misconfigurations
• Document the vulnerabilities so that developers can easily identify and
reproduce the findings
• Create guidance to assist developers with remediating the identified
vulnerabilities
Types of Vulnerability Assessment
• Host assessment: The assessment of critical servers, which may be
vulnerable to attacks if not adequately tested or not generated from
a tested machine image.
• Network and wireless assessment: The assessment of policies and
practices to prevent unauthorized access to private or public
networks and network-accessible resources.
• Database assessment: The assessment of databases or big data
systems for vulnerabilities and misconfigurations, identifying rogue
databases or insecure dev/test environments, and classifying
sensitive data across an organization’s infrastructure.
Vulnerability Management
Vulnerability management can be defined as “the practice of identifying,
classifying, remediating, and mitigating vulnerabilities”

Organizations use vulnerability management to preemptively defend
against the exploitation of vulnerabilities in company applications,
software and networks
– This process can be viewed in five key steps:
• Outline vulnerability management policy
• Discover existing vulnerabilities
• Analyze current level of security and rank vulnerabilities by threat
level/remediation actions required
• Mitigate the causes of vulnerabilities
• Maintain security through ongoing testing and discovery
Vulnerability Management Policy
• Define the level of security that an organization wants to maintain
• Set guidelines for vulnerability management practices (from testing to
remediation and maintenance)
• Classify vulnerabilities by risk/ threat and remediation effort
• Determine how often scans will be performed and allotted
remediation times
• Define access-control policy for all devices connected to company
networks
• Outline the consequences of noncompliance with vulnerability
management policy
Vulnerability Assessment Scanner
• Identify the assets and then define the associated risk
• Root cause behind vulnerable entity
• Prioritize the vulnerabilities using a severity score
• Closing the security gaps (Mgmt team + Dev Team)
Vulnerability assessment: Security scanning process
Scoping (Pre Task): Defining the scope of the assessment, including the systems,
networks, and applications to be assessed

Gathering Information (Pre task): Collecting information about the target systems,
such as IP addresses, domain names, system configurations, and network topology

Vulnerability Identification: Analyzing the results of the vulnerability scans and
identifying potential vulnerabilities that could be exploited. This involves
determining the severity and potential impact of each vulnerability. This can be
done by automated tools.
The objective of this step is to draft a comprehensive list of an application’s
vulnerabilities

Vulnerability analysis: The objective of this step is to identify the source and root
cause of the vulnerabilities identified in previous step. It involves the identification
of system components responsible for each vulnerability, and the root cause of the
vulnerability
Risk assessment: The objective of this step is the prioritizing of vulnerabilities. It
involves security analysts assigning a rank or severity score to each vulnerability,
based on such factors as:
• Which systems are affected
• What data is at risk
• Which business functions are at risk
• Ease of attack or compromise
• Severity of an attack
• Potential damage as a result of the vulnerability
Remediation: The objective of this step is the closing of security gaps. It’s typically a
joint effort by security staff, development and operations teams, who determine the
most effective path for remediation or mitigation of each vulnerability.
This means taking the necessary actions to mitigate or fix the identified
vulnerabilities. Specific remediation steps might include:
• Introduction of new security procedures, measures or tools
• Making operational or configuration changes
• Development and implementation of a vulnerability patch
• Applying security patches
• Reconfiguring systems
• Updating software versions
• Implementing additional security controls

Validation (Post Task): After applying remedial measures, performing a follow-up
assessment to validate that the vulnerabilities have been properly addressed and
are no longer exploitable
Types of Vulnerability Assessment Tools

Modern vulnerability assessments rely on automated scanning tools to find new and
existing threats that can target your system. Types of tools include:

• Network-based scanning (Nmap, Wireshark)
• Host-based (OpenVAS, Wireshark, Nikto)
• Wireless network (Nmap, Aircrack-ng, PRTG)
• Application scans (ThreatSpy, APISec, Acunetix)
• Database (SQLmap, Qualys, Nessus)
Vulnerability Scoring Systems
Vulnerability scoring systems are used to quantify and prioritize
vulnerabilities based on their severity and potential impact on systems or
networks.
They provide a standardized way to assess and compare vulnerabilities, aiding
organizations in prioritizing their remediation efforts. Some commonly used
systems are:
Common Vulnerability Scoring System (CVSS): The CVSS is a widely adopted
industry standard for assessing vulnerability severity. It assigns a numerical
score ranging from 0 to 10, based on several factors including the impact,
exploitability, and complexity of the vulnerability. The score helps
organizations prioritize vulnerabilities for remediation based on their
criticality.
• National Vulnerability Database (NVD) Scoring: The NVD scoring
system is used by the National Institute of Standards and
Technology (NIST) to rate vulnerabilities. It provides a severity
rating from Low to Critical based on the potential impact on
confidentiality, integrity, and availability of systems or data

• Common Weakness Scoring System (CWSS): The CWSS focuses
on identifying and scoring common software weaknesses or
programming errors that could lead to vulnerabilities. It provides
a score ranging from 0 to 100 based on factors such as
prevalence, detectability, and exploitability
• Exploitability Index (Exploit-DB): The Exploit-DB scoring system
assigns a score to vulnerabilities based on their exploitability. It
takes into account factors such as the availability of public
exploits, difficulty level, and the skill required to exploit the
vulnerability.

• DREAD (Damage, Reproducibility, Exploitability, Affected Users,
Discoverability): DREAD is a qualitative model used for
vulnerability prioritization. It assigns scores on a scale from 1 to
10 to assess the potential damage, ease of exploit, and other
factors. The scores are then combined to prioritize vulnerabilities
based on their overall risk
Thank you
