This review by minitool.com gives a general introduction to vulnerability assessment in the computing field. It explains why vulnerability assessment is necessary and describes its main types. It also compares vulnerability assessment with penetration testing and points out the differences.

Vulnerability Assessment Definition

In general, vulnerability assessment can have two meanings: one belongs to the computing field and the other to earth and atmospheric science. Here, we discuss the former.

Some well-known vulnerability classes are authorization vulnerabilities, authentication vulnerabilities, and input validation vulnerabilities.

Why Perform a Security Vulnerability Assessment?

A threat and vulnerability assessment finds the vulnerabilities in a target system. The resulting vulnerability assessment report tells stakeholders how well the system is secured against those vulnerabilities. If an attacker gets access to a network containing vulnerable web servers, the intruder also gains access to those systems.

Using the vulnerability assessment report, the security administrator can determine how an intrusion happened, identify compromised assets, and take proper security actions to prevent greater damage to the system.

Before a system is deployed, it must go through a set of risk and vulnerability assessments to ensure that the built system is secure against all known security risks. If a new vulnerability is found, the administrator conducts the assessment again, discovers which modules are vulnerable, and starts the patching process.

When the fixes are finished, another assessment is performed to verify that the vulnerabilities are completely patched. This cycle of assessing, patching, and reassessing has become the standard methodology for many organizations to manage their security problems.

Types of Vulnerability Assessment

Depending on the target systems, there are several kinds of vulnerability assessment.

#1 Host Vulnerability Assessment

A host vulnerability assessment checks for system-level vulnerabilities such as insecure file permissions, application-level bugs, backdoors, and trojan horse installations.

A host vulnerability assessment needs specialized tools for the operating system and software packages in use, as well as administrative access to each system to be tested. It is usually costly in terms of time, so it is applied only to critical systems.
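The insecure-file-permission check mentioned above is the simplest host-level test to show concretely. The following Python script is an added example, not code from the article or from any vulnerability assessment product: it walks a directory tree, flags anything world-writable (except a sticky-bit directory such as /tmp) and any setuid or setgid binary, and builds a constructed sample tree so it can be run offline. Real assessments run this kind of check with administrative access across the whole filesystem; the sample tree, file names and modes here are assumptions made for the demonstration.

```python
"""Host-level permission check: walk a directory tree and flag paths whose
mode bits let any user on the system modify them, plus setuid/setgid binaries."""
import stat
import tempfile
from pathlib import Path


def check_mode(path: Path) -> list:
    """Return issue labels for one path (an empty list means it looks fine)."""
    mode = path.lstat().st_mode
    issues = []
    if stat.S_ISLNK(mode):
        return issues                  # permission bits on a symlink are not meaningful
    if mode & stat.S_IWOTH:
        # A world-writable directory is tolerable only with the sticky bit set (like /tmp),
        # which stops users from deleting or renaming each other's files.
        if not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
            issues.append("world-writable")
    if stat.S_ISREG(mode) and mode & stat.S_ISUID:
        issues.append("setuid")        # runs with the owner's privileges: review it
    if stat.S_ISREG(mode) and mode & stat.S_ISGID:
        issues.append("setgid")
    return issues


def find_insecure_permissions(root) -> dict:
    """Map every path under root (relative, POSIX form) that has issues to its issue list."""
    root = Path(root)
    findings = {}
    for path in root.rglob("*"):
        issues = check_mode(path)
        if issues:
            findings[path.relative_to(root).as_posix()] = issues
    return findings


def build_sample_tree() -> str:
    """Create a constructed tree mixing acceptable and insecure modes (not a real system)."""
    root = Path(tempfile.mkdtemp(prefix="hostva-"))
    (root / "etc").mkdir()
    (root / "etc").chmod(0o755)
    (root / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
    (root / "etc" / "app.conf").chmod(0o644)          # owner writes, others read: fine
    (root / "etc" / "secrets.conf").write_text("token=constructed-sample\n")
    (root / "etc" / "secrets.conf").chmod(0o666)      # any local user can edit it: finding
    (root / "opt").mkdir()
    (root / "opt").chmod(0o755)
    (root / "opt" / "dropbox").mkdir()
    (root / "opt" / "dropbox").chmod(0o777)           # world-writable, no sticky bit: finding
    (root / "tmp").mkdir()
    (root / "tmp").chmod(0o1777)                      # world-writable but sticky: acceptable
    return str(root)


if __name__ == "__main__":
    for rel_path, issues in sorted(find_insecure_permissions(build_sample_tree()).items()):
        print(f"{rel_path}: {', '.join(issues)}")
```

The check deliberately reports the sticky-bit directory as clean and the plain 0777 directory as a finding; that distinction is what separates a noisy scanner from a useful one.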

#2 Network Vulnerability Assessment

In a network vulnerability assessment, one assesses the network for known vulnerabilities. It locates all systems on the network, determines which network services are in use, and then analyzes those services for potential vulnerabilities.

Such a process does not require any configuration on the systems being assessed. Unlike a host vulnerability assessment, a network vulnerability assessment requires little computational cost and effort.
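The analysis step of a network assessment, and the assess-patch-reassess cycle described earlier, can both be shown with one small Python program. It is an added example, not code from the article or from any scanner: it takes a service inventory in the shape a scanner hands back after locating hosts and identifying their services, matches each service version against a table of advisories that say which version first contains the fix, and then compares the baseline report with a second run after patching to confirm what was fixed and what persists. The hosts, product names, versions and advisory identifiers are all constructed placeholders.

```python
"""Network vulnerability assessment: match a service inventory against known-fixed
versions, then re-assess after patching to confirm which findings went away."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder identifier, not a real advisory
    service: str
    fixed_in: str      # first version that contains the fix
    severity: str


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    name: str
    version: str


# Constructed sample inventory (fictional hosts and products), one service per line.
BASELINE_INVENTORY = """\
# host       port  service       version
10.0.0.5     22    examplesshd   2.3.1
10.0.0.5     80    examplehttpd  1.8.0
10.0.0.7     443   examplehttpd  1.9.2
10.0.0.9     3306  exampledb     5.1
"""

# Same hosts after the administrator upgraded examplehttpd on 10.0.0.5
# but has not yet touched exampledb on 10.0.0.9.
PATCHED_INVENTORY = """\
10.0.0.5     22    examplesshd   2.3.1
10.0.0.5     80    examplehttpd  1.9.0
10.0.0.7     443   examplehttpd  1.9.2
10.0.0.9     3306  exampledb     5.1
"""

# Constructed advisory table with placeholder identifiers.
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-001", "examplehttpd", "1.9.0", "high"),
    Advisory("ADV-PLACEHOLDER-002", "exampledb", "5.2", "critical"),
]


def version_key(version: str) -> tuple:
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def parse_inventory(text: str) -> list:
    """Parse the whitespace-separated inventory, skipping blank and comment lines."""
    services = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, port, name, version = line.split()
        services.append(Service(host, int(port), name, version))
    return services


def assess(services: list, advisories: list) -> set:
    """Return (host, port, advisory_id) for every service running a version below the fix."""
    findings = set()
    for svc in services:
        for adv in advisories:
            if svc.name == adv.service and version_key(svc.version) < version_key(adv.fixed_in):
                findings.add((svc.host, svc.port, adv.advisory_id))
    return findings


def compare_reports(previous: set, current: set) -> dict:
    """Classify findings across two assessment runs: fixed, newly appeared, or still open."""
    return {
        "fixed": previous - current,
        "new": current - previous,
        "persisting": previous & current,
    }


def run_cycle() -> dict:
    """Baseline assessment, then re-assessment of the patched inventory."""
    baseline = assess(parse_inventory(BASELINE_INVENTORY), ADVISORIES)
    after_patch = assess(parse_inventory(PATCHED_INVENTORY), ADVISORIES)
    return compare_reports(baseline, after_patch)


if __name__ == "__main__":
    for label, items in run_cycle().items():
        print(label, sorted(items))
```

The "persisting" bucket is the one that matters after a patch window: it is the evidence that the re-assessment step of the cycle is not a formality, since here the database on 10.0.0.9 is still exposed even though the web server fix was applied.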

Vulnerability Assessment Tools

There are many popular vulnerability assessment tools and some of them are listed below.

Vulnerability Assessment vs Penetration Testing

Both vulnerability assessment and penetration testing are methodologies for finding threats and risks, yet they differ in several aspects.

1. Use Frequency

Usually, a vulnerability assessment should run continuously, especially after new equipment is loaded, while a penetration test is expected to run once a year.

2. Application

Vulnerability assessment is performed by in-house staff to increase expertise and knowledge of the normal security profile. However, penetration tests are carried out by an independent outside service.

3. Reports

The vulnerability assessment report has a comprehensive baseline of what vulnerabilities exist and what has changed since the last report. In contrast, the report of a penetration test is short and to the point; it identifies what data was compromised.

4. Metrics

Vulnerability assessment lists known application exploits that may be taken advantage of, while penetration testing finds unknown and exploitable exposures to normal business processes.

5. Cost

A vulnerability assessment's expense is low to moderate, around $1200 per year plus staff time. In contrast, a penetration test costs about 10 thousand dollars every year in outside consultancy.

6. Value

Vulnerability assessment plays the role of a detective control: it detects when equipment is compromised. Penetration testing, by contrast, is used to reduce exposures as a preventive control.
