Differences
This shows you the differences between two versions of the page.
products:ict:security:vulnerability_assessment [2023/02/04 23:22] – created wikiadmin | products:ict:security:vulnerability_assessment [2023/02/05 00:16] (current) – wikiadmin | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Vulnerability Assessment ====== | ||
Line 4: | Line 5: | ||
A vulnerability assessment is done to check a computer system, network, or web application to evaluate its security. The goal of the assessment is to identify vulnerabilities that an attacker could exploit and to assess the potential impact of a successful attack. An assessment typically involves the following steps: | A vulnerability assessment is done to check a computer system, network, or web application to evaluate its security. The goal of the assessment is to identify vulnerabilities that an attacker could exploit and to assess the potential impact of a successful attack. An assessment typically involves the following steps: | ||
- | Reconnaissance: Making a list of all softwares and their versions which are used on the network, Gathering information about the target system, network, or web application. | + | Information Gathering: This involves gathering information about the target system, including operating system, hardware and software components, network structure, etc. This information is used to identify potential vulnerabilities. |
- | Scanning: Identifying potential vulnerabilities using tools such as vulnerability scanners. | ||
- | Verifying the configuration | + | Authorized scanning: Identifying potential vulnerabilities using tools such as vulnerability scanners.. Scanning |
- | Reporting: Documenting the results of the vulnerability test, including any vulnerabilities that were identified | + | Vulnerability listing: This involves listing all known and documented vulnerabilities for each software version which is in use. Checking for missing updates, patches, misconfigured systems, and other security issues. Also listing all security design |
- | It is important to note that a vulnerability assessment is usually done with the cooperation of the system | + | Deep Checking: This involves manually testing |
+ | Reporting: Documenting the results of the vulnerability test, including any vulnerabilities that were identified and mentioning the conditions in which they could cause unauthorized access. The results of the weaknesses and how to mitigate against then with the least amount of resources and changes required. The suggestions depend on the risk appetite of the target system owners and the amount of services they are willing to provide. Disaster recovery plans and damage control plans need to be suggested and made to allow the system owners to respond to any future attacks in case they occur. | ||
+ | Verifying the configuration : Checking the configurations of all softwares to make sure they follow the policy of the organization. | ||
+ | |||
+ | It is important to note that a vulnerability assessment is usually done with the cooperation of the system owners and administrators. Unauthorized assessments or checking of systems can be considered to be a very suspicious activity and can be illegal in many cases. | ||
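Review bot: In the new revision the "Verifying the configuration" step is added after "Reporting", whereas the previous revision listed it before Reporting; as ordered, configurations are checked only after the results have been documented, so those findings would not reach the report. Suggest moving it ahead of Reporting, or folding it into "Vulnerability listing", which already mentions misconfigured systems. The added lines also need a wording pass: "scanners.." has a doubled period, "mitigate against then" should read "them", the sentence beginning "The results of the weaknesses" has no verb, and "configuration :" has a stray space before the colon.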
products/ict/security/vulnerability_assessment.1675534960.txt.gz · Last modified: 2023/02/04 23:22 by wikiadmin