VULNERABILITY ASSESSMENT

Background
share close

Vulnerability Assessment


A vulnerability assessment is the testing process used to identify and assign severity levels to as many security defects as possible in a given timeframe. This process may involve automated and manual techniques with varying degrees of rigor and an emphasis on comprehensive coverage. Using a risk-based approach, vulnerability assessments may target different layers of technology, the most common being host-, network-, and application-layer assessments.

Vulnerability testing helps organizations identify vulnerabilities in their software and supporting infrastructure before a compromise can take place. But, what exactly is a software vulnerability?

A vulnerability can be defined in two ways:

  1. A bug in code or a flaw in software design that can be exploited to cause harm. Exploitation may occur via an authenticated or unauthenticated attacker.
  2. A gap in security procedures or a weakness in internal controls that when exploited results in a security breach.

Whether your organization develops applications or uses third-party applications, vulnerability testing annually, or after significant changes to the applications or application environments are implemented, is critical to ensure a rock-solid security initiative.