Vulnerability Assessment is a risk management process used to identify, quantify and rank possible vulnerabilities to threats in cyber security. The vulnerability assessment methodology combines both black box and white box approaches.
- Phase 1: Information Gathering
  - Understanding the business or operational objectives of the host, including transactions, workflow and processes.
  - Reviewing the type of system, network and application.
  - Identifying the services, critical data, private personal/consumer data, or sensitive technical information.
- Phase 2: Vulnerability Identification
  - Using automated tools to provide baseline breadth of coverage, ensuring that all components of applications are analysed.
  - Performing manipulative, aggregation and iterative testing to determine the application's exposure to attacks.
- Phase 3: Vulnerability Analysis
  - Analysis of detected vulnerabilities to identify the chances of exploitation and the type of payload and attack methodology.
Vulnerability Assessment Coverage
- Insecure or vulnerable services
- Unnecessary or open ports
- Unencrypted communication channels
- Out of date or obsolete components
- Unauthenticated access
- Unauthorised administrative portals
- Unauthorised database ports