Vulnerability assessment is a process that defines, identifies, and classifies the security gaps (vulnerabilities) in a computer software, network or infrastructure. An alternate term for vulnerability assessment is vulnerability analysis and this is an commonly used to determine counter measures for plugging these loopholes for product improvement or fight against external intrusion.
Vulnerability assessments can be outlined using the following process:
- Classifying network or system resources
- Qualifying relative levels of importance to the resources by assigning a base value
- Identifying potential threats to each resource
- Assess the severity of risk from low to high.
- Develop and action plan to to reduce vulnerabilities and mitigate exposure in the event an attack occurs.
Vulnerability Assessment and Penetration Testing (VAPT)
What is VAPT?. It stands for Vulnerability Assessment and Penetration Testing. This is a strategy which tests different vulnerabilities using combined techniques. The combined results often aids with providing a more comprehensive approach with system hardening.
In comparison, vulnerability assessment tools discovers which vulnerabilities are present, whereas vulnerability scanners notify companies of preexisting errors and flaws with their identified location.When an engineer or an analyst performs a penetration test, their overall aim is to exploit any unauthorized access to an application or network flaw. This test highlights the degree of risk and damages associated with a specific vulnerability.
In combination these tools provide valuable insight to engineers and the technology line of business as it relates to forecasting network or application improvement.