What you need to know about vulnerability assessments


As the term suggests, a vulnerability assessment is a process of identifying and classifying a system’s vulnerabilities. This includes assessing anything from computer systems to network infrastructure. The goal of a vulnerability assessment is to inform the relevant party about the threats to its systems and potential prevention measures.

A vulnerability assessment serves as an essential mechanism that would allow organizations to identify their system’s loopholes and patch them accordingly. Given how important cybersecurity is in the modern age, this is a vital procedure in ensuring an organization’s security in the digital space.

Vulnerability assessment process

The vulnerability assessment drills down to 5 steps. It starts off with goals and objectives, followed by identifying the scope of the assessment. Then the information gathering process is carried out, and vulnerability detection follows. Finally, the assessment concludes once the information analysis and planning is complete.

Goals and objectives

This is the stage where the goals and objectives of the test are identified.

Scope

Prior to actually carrying out the test, it’s important to clearly define the scope of the assessment. One possible methodology is to employ black box, white box or grey box testing mechanisms.

Information gathering

Here, the aim is to obtain as much information about the target system as possible. This can be achieved via social engineering, preliminary scans, or other similar means.

Vulnerability detection

The actual testing part of the entire process happens at this stage. The target system is scanned and vulnerabilities are identified.

Information analysis and planning

The identified vulnerabilities are finally analyzed, classified and prioritized. Additionally, this includes possible preventive measures for the assessed vulnerabilities.
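As an added example, not code from the original article: a small Python triage routine for the final step above. It takes constructed findings from the detection step, maps each to the assessment type it belongs to, and orders them for the planning report. The check names, the weighting for internet-facing assets and all sample findings are constructed assumptions, not a standard scoring scheme.

```python
# Added example: classify and prioritize findings for the
# "information analysis and planning" step. All data is constructed.
from dataclasses import dataclass, field

# Assessment types as discussed in the article (constructed check names).
CATEGORY_BY_CHECK = {
    "default-router-password": "network",
    "rogue-access-point": "wireless",
    "sql-injection": "application",
    "xss": "application",
    "db-weak-auth": "database",
    "unpatched-service": "host",
}

# Constructed scanner output: (host, check, score 0-10, internet-facing?)
SAMPLE_FINDINGS = [
    ("web01", "sql-injection", 9.1, True),
    ("ap-lobby", "rogue-access-point", 7.0, False),
    ("db01", "db-weak-auth", 8.2, False),
    ("rtr-core", "default-router-password", 8.5, False),
    ("ws-hr-04", "unpatched-service", 5.3, False),
    ("web01", "xss", 6.1, True),
]

@dataclass(order=True)
class Finding:
    priority: float                      # only field used for ordering
    host: str = field(compare=False)
    check: str = field(compare=False)
    category: str = field(compare=False)
    score: float = field(compare=False)

def classify(host, check, score, internet_facing):
    """Map a raw finding to its assessment type and a planning priority.
    Priority = base score + 1.0 for internet-facing assets, capped at 10
    (a constructed weighting for illustration only)."""
    category = CATEGORY_BY_CHECK.get(check, "unclassified")
    priority = min(10.0, round(score + (1.0 if internet_facing else 0.0), 1))
    return Finding(priority, host, check, category, score)

def prioritize(raw):
    """Return findings ordered highest priority first."""
    return sorted((classify(*f) for f in raw), reverse=True)

def plan_by_category(raw):
    """Group the ordered findings by assessment type for the planning report."""
    plan = {}
    for f in prioritize(raw):
        plan.setdefault(f.category, []).append((f.host, f.check, f.priority))
    return plan

if __name__ == "__main__":
    for category, items in plan_by_category(SAMPLE_FINDINGS).items():
        print(category, items)
```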

There are different types of vulnerability assessments, each focusing on different aspects.

Network-based scans

This looks at the potential loopholes in computer networks. A network-based scan lets the network administrator or network security personnel measure the strength of a particular network. This type of assessment encapsulates a lot of elements. Among them are,

  1. Analyzing router and WiFi passwords
  2. Analyzing security at the device level
  3. Network strength assessment against network-based attacks such as network intrusion, Man-In-The-Middle attack, Distributed Denial of Service
  4. Identification and prioritization of network threats

Wireless network scans

At a basic level, this type of scan helps identify the specifics of an organization’s wireless network security. According to Cisco, this can be a 5-step process.

  1. Identifying all wireless devices on the network
  2. Identifying rogue devices. This is where any unauthorized or unintentional wireless devices in the network are identified and dealt with.
  3. Testing the authorized access points of the network
  4. Updating device inventory to reflect every possible device that could potentially interact with the
  5. Patching all discovered vulnerabilities.

Of course, do note that wireless network scans can go well beyond these 5 steps.

Application scans

Application scans determine the security level of the software of an organization’s systems. This includes identifying network or web application misconfigurations. This also includes scanning for software vulnerabilities such as SQL injection, cross-site scripting, and buffer overflows.

Database scans

These scans focus on system vulnerabilities from a database perspective. Part of this includes identifying and strengthening database-level security from malicious attacks such as SQL injection attacks.

Host-based scans

Host-based vulnerability assessments focus on network hosts like servers and workstations. Host-based scanner tools load mediator software onto the target system, which then traces the relevant activities and reports back to the intended parties. A typical host-based scan also looks at the ports and services that are visible to network-based scans.

In addition to the above, there are also different methods of vulnerability assessment. In active testing, for example, a tester actively focuses on new test cases and areas while carrying out the test. Passive testing is where the currently running system is tested without introducing new data. Network testing focuses on network components. Distributed testing applies to applications that work with multiple clients simultaneously.

Tools for vulnerability assessments

There are many tools available for conducting these tests. Some of the well-known ones include,

  1. Acunetix: automated web application security testing tool
  2. OpenVAS: an open-source tool that provides tools for both vulnerability scanning and vulnerability management
  3. Nikto: open source web scanner
  4. Wireshark: network protocol analyzer
  5. Aircrack: used to assess WiFi network security
  6. Nessus: proprietary commercial vulnerability scanner
  7. Microsoft Baseline Security Analyzer: a free Microsoft tool for securing a Windows system based on Microsoft guidelines.

The difference between vulnerability assessments and penetration testing

It’s not necessarily about the differences but rather what each procedure aims to achieve in cybersecurity. Penetration testing is, in fact, part of the vulnerability assessment process. Penetration testing enables more effective identification of a system’s vulnerabilities, some of which are missed by vulnerability scans.

It should be noted that penetration testing alone is insufficient for vulnerability assessment. Penetration testing actively targets vulnerabilities and exploits them. Comparatively, a vulnerability assessment employs automated tools to cover unpatched vulnerabilities throughout the system. If further analysis is required, it is carried out manually.

It’s a continuous process

Either way, vulnerability assessments should be carried out on a regular basis in an organization. Systems undergo changes frequently, sometimes in the form of adding new devices or introducing new software services. If a company is utilizing old systems or software, then there’s an even higher risk of falling victim to a malicious attack. This is because as systems get older, manufacturers give them lower priority over time. Just recently, Microsoft issued a patch for Internet Explorer, a browser that still accounts for more than 7% of all browser users.

But this doesn’t mean that newer devices always have fewer vulnerabilities. The recently discovered “checkm8” vulnerability in older iOS devices is a perfect example here. Nevertheless, the point is that it’s vital to stay up to date. Vulnerability assessment plays a critical role in enabling organizations to do so.

In case you’re wondering how to get started with a vulnerability assessment for your own enterprise, feel free to check us out. You can reach us via email at info@c-yber.com or by phone (+372) 602 3532.