Read the book Web Penetration Testing - Radhi Shatob - Page 8

Vulnerability Assessment


Vulnerability assessment is the process of defining, identifying and classifying security vulnerabilities in an IT system.

Vulnerability types:

 Authentication Vulnerability.

 Authorization Vulnerability.

 Input Validation Vulnerability.

The main difference between vulnerability assessment and penetration testing is that a vulnerability assessment involves no exploitation or post-exploitation, so you don't know whether a finding is a false positive or a true positive.

Vulnerability Assessment Steps:

 Identifying assets and building an asset inventory.

 Categorizing assets into groups.

 Scanning assets for vulnerabilities.

 Ranking risks.

 Patch Management.

 Follow-up remediation scans.
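
The ranking and follow-up steps above, as an added example that is not taken from the book: findings from a first scan are ranked by CVSS score weighted by asset criticality, then compared with a follow-up scan. The asset names, finding IDs, scores and the weighting scheme are all constructed assumptions.

```python
# Constructed inventory (not from the book): asset -> group and criticality 1-5.
ASSETS = {
    "web01": {"group": "internet-facing", "criticality": 5},
    "db01": {"group": "internal-db", "criticality": 4},
    "print01": {"group": "office", "criticality": 1},
}
# Constructed scanner output: (asset, finding id, CVSS base score 0-10).
FIRST_SCAN = [
    ("web01", "FINDING-A", 7.5),
    ("db01", "FINDING-B", 9.8),
    ("print01", "FINDING-C", 9.8),
    ("web01", "FINDING-D", 4.3),
]
FOLLOW_UP_SCAN = [
    ("print01", "FINDING-C", 9.8),
    ("web01", "FINDING-D", 4.3),
]

def rank_risks(findings, assets):
    """Rank findings by CVSS x asset criticality (an assumed weighting)."""
    ranked = []
    for asset, finding, cvss in findings:
        if asset not in assets:
            # A scanned host missing from the inventory gets the top weight:
            # it points to a gap in the asset-identification step.
            ranked.append((asset, finding, cvss * 5, "unknown-asset"))
            continue
        meta = assets[asset]
        ranked.append((asset, finding, cvss * meta["criticality"], meta["group"]))
    return sorted(ranked, key=lambda r: r[2], reverse=True)

def remediation_status(before, after):
    """Compare the first scan with the follow-up remediation scan."""
    before_keys = {(a, f) for a, f, _ in before}
    after_keys = {(a, f) for a, f, _ in after}
    return {
        "fixed": sorted(before_keys - after_keys),
        "open": sorted(before_keys & after_keys),
        "new": sorted(after_keys - before_keys),
    }

if __name__ == "__main__":
    for asset, finding, score, group in rank_risks(FIRST_SCAN, ASSETS):
        print(f"{score:5.1f}  {group:16} {asset:8} {finding}")
    print(remediation_status(FIRST_SCAN, FOLLOW_UP_SCAN))
```

Sorting on the raw scanner score alone would tie the office printer with the database server; weighting by criticality moves the printer finding to the bottom of the list.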

Vulnerability Assessment Tools:

 Qualys

 Nessus – Tenable Security (they have a free community edition with limited functionality)

 Nexpose – Rapid7 (they have a free community edition with limited functionality)

 OpenVAS (free and open source)

Web Penetration Testing
