Vulnerability testing is a software testing method performed to assess the level of risk present in a system, so that the probability of a security incident can be reduced.
Vulnerability testing:
- It helps verify password strength, since passwords provide a first layer of security.
- It verifies the access controls of the operating system and technologies in use.
- It assesses how easily the system could be taken over by online attackers.
- It evaluates the level of protection applied to the system's data.
- It checks whether the system configuration or application configuration files are protected.
- It checks whether the system allows a user to execute malicious scripts.
Vulnerability testing covers:
- Active and passive testing
- Network and distributed testing
- Verifying file and system access
Why do vulnerability assessments?
- It is important for the security of the organization.
- It is the process of locating and reporting vulnerabilities, which provides a way to detect and resolve security problems by ranking the vulnerabilities before someone or something can exploit them.
- In this process, operating systems, application software and the network are scanned to identify possible vulnerabilities, which include inappropriate software design, insecure authentication, etc.
Vulnerability assessment process:
The following are the detailed steps of the vulnerability assessment process used to identify system vulnerabilities.
Step 1 - Goals and objectives: define the goals and objectives of the vulnerability analysis.
Step 2 - Scope: before performing the assessment and test, the scope of the assignment needs to be clearly defined.
The possible scopes are:
- Black box testing: testing from an external network with no prior knowledge of the internal network and systems.
- Grey box testing: testing from either the external or the internal network with some knowledge of the internal network and systems. It is a combination of black box testing and white box testing.
- White box testing: testing from within the internal network with full knowledge of the internal network and systems. Also known as internal testing.
Step 3 - Information gathering: gather as much information about the IT environment as possible, such as networks, IP addresses, operating system versions, etc. This applies to all three scopes: black box, grey box and white box testing.
Step 4 - Vulnerability detection: vulnerability scanners are used to scan the IT environment and identify the vulnerabilities.
Step 5 - Information analysis and planning: the identified vulnerabilities are evaluated to devise a plan for penetrating the network and systems.
How to do a vulnerability assessment?
The following is a detailed step-by-step process for performing a vulnerability assessment.
Step 1 - Setup:
- Begin documentation
- Secure permissions
- Update tools
- Configure tools
Step 2 - Test execution:
- Run the tools.
- Run the captured data packets through the assessment tools. A packet is a unit of data that is routed between an origin and a destination. When a file (for example an e-mail message, an HTML file or a Uniform Resource Locator request) is sent from one place to another on the internet, the TCP layer of TCP/IP divides the file into a number of "chunks" for efficient routing; each chunk is uniquely numbered and includes the internet address of the destination. These chunks are called packets. When all the packets arrive, they are reassembled into the original file by the TCP layer at the receiving end. The assessment tools are run while this traffic is captured.
Step 3 - Vulnerability analysis:
- Defining and categorising network or system resources.
- Assigning priority to the resources.
- Identifying potential threats to the resources.
- Developing and implementing ways to minimize the consequences if an attack occurs.
Step 4 - Reporting
Step 5 - Remediation:
- The process of fixing the vulnerabilities.
- Performed for every vulnerability.
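As an added example (not part of the original article), the following Python script carries out the analysis step of the process above on constructed scanner output: it categorises each finding by CVSS severity band, weights it by an assumed asset-criticality inventory and an assumed public-exploit flag, and produces the ranked list that the reporting and remediation steps work from. The host names, scores, finding titles and the risk model are all assumptions made for the example.

```python
from dataclasses import dataclass

# Hypothetical asset inventory (constructed): how much each host matters.
ASSET_CRITICALITY = {
    "db01.corp.example": 3,     # customer database, highest value
    "web01.corp.example": 2,    # internet-facing web server
    "kiosk07.corp.example": 1,  # low-value internal kiosk
}

@dataclass(frozen=True)
class Finding:
    host: str
    service: str
    title: str
    cvss: float           # CVSS base score 0.0-10.0 as reported by the scanner
    exploit_public: bool  # scanner flag: a working public exploit is known

# Constructed sample scanner output, not real findings.
SAMPLE_FINDINGS = [
    Finding("kiosk07.corp.example", "smb", "Unpatched SMB service", 9.8, True),
    Finding("web01.corp.example", "https", "Outdated TLS library", 9.8, False),
    Finding("db01.corp.example", "mysql", "Database missing security patches", 7.5, True),
    Finding("web01.corp.example", "ssh", "Weak cipher suites enabled", 5.3, False),
    Finding("kiosk07.corp.example", "http", "Directory listing enabled", 4.3, False),
]

def severity_band(cvss: float) -> str:
    """Qualitative CVSS v3 rating for the report (None/Low/Medium/High/Critical)."""
    for limit, band in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if cvss <= limit:
            return band
    return "Critical"

def priority_score(f: Finding) -> float:
    """Assumed risk model: severity weighted by asset criticality, times 1.5
    when a public exploit exists; hosts missing from the inventory count as 1."""
    score = f.cvss * ASSET_CRITICALITY.get(f.host, 1)
    return score * 1.5 if f.exploit_public else score

def rank_findings(findings):
    """Highest priority first; ties broken by host name so the report is stable."""
    return sorted(findings, key=lambda f: (-priority_score(f), f.host))

def remediation_report(findings):
    """One line per finding, in the order the remediation step should fix them."""
    return [
        f"{i}. [{severity_band(f.cvss)}] {f.host} {f.service}: {f.title} "
        f"(priority {priority_score(f):.1f})"
        for i, f in enumerate(rank_findings(findings), start=1)
    ]
```

Calling `remediation_report(SAMPLE_FINDINGS)` puts the High-rated database finding ahead of the Critical-rated kiosk finding, which is the point of weighting scanner severity by asset priority rather than reporting raw scores.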