All IT Courses 50% Off
QA Tutorials

Vulnerability Testing Tutorial

Vulnerability testing is a software testing method performed to verify the quantum of risks involved in the system in order to reduce the probability of an event.

Vulnerability Testing:

  • It helps us to verify strength of password as it provides some degree of security.
  • It verifies the access controls with the operating system/technology adopted.
  • It verifies how easily the system which can be taken over an online attackers.
  • It evaluates the safety system level of data.
  • It checks if the system configuration or application configuration files are protected 
  • It checks if the system allows user to execute many malicious script.

Vulnerability testing:

  • Active and passive testing
  • Network and distributed testing
  • Verifying File/system access

Why do vulnerability Assessments?

Vulnerability Assessment
  • It will be important for security of organization.
  • it is the process of locating and reporting the vulnerabilities, which will provide a way to detect and resolve security problems by ranking the vulnerabilities before someone or something that can be exploit them.
  • In this process operating systems, Application software and Network are scanned in order to recognize the possibilities of vulnerabilities, which include inappropriate software design, insecure, authentication etc.

Vulnerability Assessment Process:

In this, we have detailed steps of the Vulnerability Assessment Process to identify the system vulnerabilities

Vulnerability Assessment and Penetration Testing (VAPT) Process

Step 1- Goals and objectives- It is for defining goals and objectives of Vulnerability Analysis.

Step 2- Scope- It is for performing the Assessment and Test, the scope of the Assignment needs to be clearly defined.

There are possible scopes that exist

  • Black box testing- Here testing from an external network with no prior knowledge of the internal network and systems.
  • Grey Box testing- Testing from either external or internal network with the knowledge of the internal network and system.It’s combination of both Black box testing and White box testing.
  • White Box testing – Testing in the internal network with the knowledge of the internal network and system. Also known as internal Testing.

Step 3- Information Gathering- Getting as much information about the IT environment as networks, IP Addresses, operating system version, etc. It’s applicable to all three types of scopes such as Black box testing, Grey box testing, and white box testing.

Step 4-Vulnerability Detection- Here in this process vulnerability scanners are used to scan the IT environment and identify the vulnerabilities.

Step 5-Information Analysis and Planning- It will evaluate the identified vulnerabilities to devise a plan for penetrating into the network and systems.

How to do vulnerability Assessment?

Following is a detailed step by step process on How to do vulnerability Assessment

step by step Vulnerability Assessment Methodology/ Technique

Step 1- Setup:

  • Begin Documentation
  • Secure Permissions
  • Update Tools
  • Configure tools

Step 2-Test Execution

Run tools

Run the caught data packet here a packet is a unit of data that will be routed between an origin and the destination. When the file, for the example-mail message, HTML file, Uniform Resource Locator request and is sent from one place to another place on the internet, the TCP layer of TCP/IP bifurcates the file into the number of “chunks” for good and efficient routing and each of these chunks will be uniquely numbered and will include the internet address of the destination. These chunks are called packets. When all the packets will arrive they will be reassembled into the original file by the TCP  layer at the receiving end while running the assessment tools.

Step 3-Vulnerability Analysis

  • Defining and categorising network or system resources.
  • Assigning priority to the resources
  • Identifying potential  threats to the resources.
  • Developing and implementation of ways to minimize the consequences if an attack occurs.

Step 4-Reporting

Step 5-Remediation

  • The process of fixing the vulnerabilities
  • Performed for every vulnerability.
Facebook Comments

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button

Get Python Course
worth 499$ for FREE!

Offer valid for 1st 20 seats only, Hurry up!!

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

H2kinfosys Blog will use the information you provide on this form to be in touch with you and to provide updates and marketing.