What Is Vulnerability Assessment ?

Published On 28th May 2019

Vulnerability Assessment

Vulnerability assessment is a process to evaluate the security risks in the software system in order to reduce the probability of a threat. It is also called Vulnerability Testing.
A vulnerability is any mistakes or weakness in the system security procedures, design, implementation or any internal control that may result in the violation of the system's security policy. The purpose of Vulnerability Assessment is to reduce the possibility for intruders (hackers) to get unauthorized access. Vulnerability Analysis depends upon two mechanisms namely Vulnerability Assessment and Penetration Testing(VAPT).

Example Of Threats That Can Be Prevented By Vulnerability Assessment.

• SQL injections, XSS, code injections.
• Insecure defaults – software that ships with insecure settings, such as a guessable admin passwords.
There are several types of vulnerability assessments. These include:

1. Host assessment – The assessment of critical servers, which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image.
2. Network and wireless assessment – The assessment of policies and practices to prevent unauthorized access to private or public networks and network-accessible resources.
3. Database assessment – The assessment of databases or big data systems for vulnerabilities and misconfigurations, identifying rogue databases or insecure dev/test environments, and classifying sensitive data across an organization’s infrastructure.
4. Application scans – The identifying of security vulnerabilities in web applications and their source code by automated scans on the front-end or static/dynamic analysis of source code.

Vulnerability Assessment: Security scanning process

The security scanning process consists of four steps: testing, analysis, assessment and remediation.

1. Vulnerability identification (testing)
The objective of this step is to draft a comprehensive list of an application’s vulnerabilities. Security analysts test the security health of applications, servers or other systems by scanning them with automated tools, or testing and evaluating them manually. Analysts also rely on vulnerability databases, vendor vulnerability announcements, asset management systems and threat intelligence feeds to identify security weaknesses.

2. Vulnerability analysis
The objective of this step is to identify the source and root cause of the vulnerabilities identified in step one. It involves the identification of system components responsible for each vulnerability, and the root cause of the vulnerability. For example, the root cause of a vulnerability could be an old version of an open source library. This provides a clear path for remediation – upgrading the library.

3. Risk assessment
The objective of this step is the prioritizing of vulnerabilities. It involves security analysts assigning a rank or severity score to each vulnerability, based on such factors as:
1. Which systems are affected.
2. What data is at risk.
3. Which business functions are at risk.
4. Ease of attack or compromise.
5. Severity of an attack.
6. Potential damage as a result of the vulnerability.

4. Remediation
The objective of this step is the closing of security gaps. It’s typically a joint effort by security staff, development and operations teams, who determine the most effective path for remediation or mitigation of each vulnerability.
Specific remediation steps might include:
1. Introduction of new security procedures, measures or tools.
2. The updating of operational or configuration changes.
3. Development and implementation of a vulnerability patch.
Vulnerability assessment cannot be a one-off activity. To be effective, organizations must operationalize this process and repeat it at regular intervals. It is also critical to foster cooperation between security, operation and development teams – a process known as DevSecOps.

How Does A Vulnerability Assessment Work?

There are three primary objectives of a vulnerability assessment.

1. Identify vulnerabilities ranging from critical design flaws to simple misconfigurations.
2. Document the vulnerabilities so that developers can easily identify and reproduce the findings.
3. Create guidance to assist developers with remediating the identified vulnerabilities.

Vulnerability testing can take various forms. One method is Dynamic Application Security Testing (DAST). A dynamic analysis testing technique that involves executing an application (most commonly a Web application), DAST is performed specifically to identify security defects by providing inputs or other failure conditions to find defects in real time. Conversely, Static Application Security Testing (SAST) is the analysis of an application’s source code or object code in order to identify vulnerabilities without running the program.
The two methodologies approach applications very differently. They are most effective at different phases of the software development life cycle (SDLC) and find different types of vulnerabilities. For example, SAST detects critical vulnerabilities such as cross-site scripting (XSS) and SQL injection earlier in the SDLC. DAST, on the other hand, uses an outside-in penetration testing approach to identify security vulnerabilities while Web applications are running.

Another method of vulnerability assessment in and of itself, penetration testing entails goal-oriented security testing. Emphasizing an adversarial approach (simulating an attacker’s methods), penetration testing pursues one or more specific objectives .

Why Vulnerability Assessments Are Important.

Vulnerability assessments allow security teams to apply a consistent, comprehensive, and clear approach to identifying and resolving security threats and risks. This has several benefits to an organization:

• Early and consistent identification of threats and weaknesses in IT security
• Remediation actions to close any gaps and protect sensitive systems and information
• Meet cybersecurity compliance and regulatory needs for areas like HIPAA and PCI DSS
• Protect against data breaches and other unauthorized access
When you’re choosing a vulnerability scanning tool, emphasize the following areas:
• Frequency of updates
• Quality and quantity of vulnerabilities, including minimizing false positives and false negatives. Elimination of false positives
• Actionability of results

Integrations with other vulnerability management and IT security tools (patch management, SIEM, etc.)
vulnerability assessments should always provide clear, actionable information on all identified threats, and the corrective actions that will be needed. This allows risk managers to prioritize fixes against the overall cyber risk profile of the organization. A good vulnerability assessment approach can significantly reduce your exposure to cyber threats, and boost your baseline of protection across your organization’s systems and data

Advantages of Vulnerability Assessment
• Open Source tools are available.
• Identifies almost all vulnerabilities
• Automated for Scanning.
• Easy to run on a regular basis.

Disadvantages of Vulnerability Assessment

• High false positive rate
• Can easily detect by Intrusion Detection System Firewall.
• Often fail to notice the latest vulnerabilities.

Vulnerability Testing Methods

Active Testing

• Inactive Testing, a tester introduces new test data and analyzes the results.
• During the testing process, the testers create a mental model of the process, and it will grow further during the interaction with the software under test.
• While doing the test, the tester will actively involve in the process of finding out the new test cases and new ideas. That's why it is called Active Testing.

Passive Testing

• Passive testing, monitoring the result of running software under test without introducing new test cases or data
• Network Testing
• Network Testing is the process of measuring and recording the current state of network operation over a period of time.
• Testing is mainly done for predicting the network operating under load or to find out the problems created by new services.
We need to Test the following Network Characteristics:-
• Utilization levels
• Number of Users
• Application Utilization

Distributed Testing

• Distributed Tests are applied for testing distributed applications, which means, the applications that are working with multiple clients simultaneously. Basically, testing a distributed application means testing its client and server parts separately, but by using a distributed testing method, we can test them all together.
• The test parts will interact with each other during the Test Run. This makes them synchronized in an appropriate manner. Synchronization is one of the most crucial points in distributed testing.


In Software Engineering, Vulnerability Testing depends upon two mechanisms namely Vulnerability Assessment and Penetration Testing. Both these tests differ from each other in strength and tasks that they perform. However, to achieve a comprehensive report on Vulnerability Testing, the combination of both procedures is recommended.


Rakesh chandanala