This is an old revision of the document!
A vulnerability assessment is done to check a computer system, network, or web application to evaluate its security. The goal of the assessment is to identify vulnerabilities that an attacker could exploit and to assess the potential impact of a successful attack. An assessment typically involves the following steps:
Reconnaissance: Making a list of all softwares and their versions which are used on the network, Gathering information about the target system, network, or web application.
Scanning: Identifying potential vulnerabilities using tools such as vulnerability scanners.
Verifying the configuration : Checking the configurations of all softwares to make sure they follow the policy of the organization.
Reporting: Documenting the results of the vulnerability test, including any vulnerabilities that were identified and mentioning the conditions in which they could cause unauthorized access.
It is important to note that a vulnerability assessment is usually done with the cooperation of the system owners and administrators. Unauthorized assessments or checking of systems can be considered to be a very suspicious activity and can be illegal in many cases.