Professional Documents
Culture Documents
0601288059
Computer Science and Engineering
Introduction
Example
VA TOOLS
Conclusion
A vulnerability Assessment is the process of
identifying, quantifying, and prioritizing
(ranking) the vulnerabilities in a system.
(LOCAL)
(REMOTE)
PoC (Proof of Concept)
Vulnerability
Exploit
Patch
OS (Operating System)
AV (Antivirus)
Firewall
Browsers
Applications (Desktop/Web-Based)
EXAMPLE
To create a healthy Network.
To be Hack proof
GFI LANguard :
Retina :
Core Impact :
Sara :
SAINT :
MBSA :
Not all potential vulnerabilities will be
confirmed as real vulnerabilities during the
tests. Some network-based vulnerability
assessment programs are able to distinguish
between a potential vulnerability and a
confirmed vulnerability
Reporting
phase-III
scope and methodology
detailed findings and directions for
improvements, possibly indexed by risk priority,
for the technical personnel. Links to vendor
advisories
recommendation to avoid the same findings in
the future
high level management reports, possibly
including historic trends, giving an overall
perspective of an organisation’s security posture
general recommendations and conclusions
Regularly perform vulnerability assessment
Update VA tools