Vulnerability Assessment

A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in networks, computer systems, applications and databases, and of providing the organization doing the assessment with the knowledge, awareness and risk context needed to understand the threats to its environment and react to them appropriately.

About Vulnerability Assessment

Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:

  1. Cataloging assets and capabilities (resources) in a system.
  2. Assigning quantifiable value (or at least rank order) and importance to those resources.
  3. Identifying the vulnerabilities or potential threats to each resource.
  4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.

The US General Services Administration (GSA) has standardized the “Risk and Vulnerability Assessments (RVA)” service as a pre-vetted support service to rapidly conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations and from enterprise or local policy, assess the level of risk, and develop and/or recommend appropriate mitigation countermeasures in operational and non-operational situations. This standardized service offers the following pre-vetted support services:

  • Network Mapping
  • Vulnerability Scanning
  • Phishing Assessment
  • Wireless Assessment
  • Web Application Assessment
  • Operating System Security Assessment (OSSA)
  • Database Assessment
  • Penetration Testing

These services are commonly referred to as Highly Adaptive Cybersecurity Services (HACS) and are listed at the US GSA Advantage website.

The key component of a vulnerability assessment is a proper definition of the potential impact (loss) rating and of the system’s vulnerability to specific threats.

Impact loss may differ for each system. For example, a utility system, such as power or water, may prioritize vulnerabilities that could disrupt services or damage facilities, such as natural disasters, tampering and terrorist attacks.

By contrast, an information system (IS), such as a website with databases, may require an assessment of its vulnerability to hackers and other forms of cyberattack. A data center may require an assessment of both physical and virtual vulnerabilities, because it must secure both its physical facility and its cyber presence.

Organizations of any size, or even individuals who face an increased risk of cyberattacks, can benefit from some form of vulnerability assessment, but large enterprises and other types of organizations that are subject to ongoing attacks will benefit most from vulnerability analysis.

The most effective vulnerability assessment approach combines automated information gathering and vulnerability identification with manual review of the results and additional validation, which reduces false positives and helps focus on the most critical types of vulnerabilities. Vulnerability assessment is therefore most useful as an ongoing activity and can be run, for example, every month. Penetration testing is recommended at least once a year or after every major release.
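The four assessment steps listed above (catalog assets, rank their value, identify vulnerabilities, mitigate the most serious ones on the most valuable assets) together with the combination of automated scanning and manual validation described in this section can be expressed as a small prioritization routine. This is an added example and not code from the article: the asset inventory, the findings and the `CVE-PLACEHOLDER-*` identifiers are constructed, and the scoring rule (asset value times CVSS base score, weighted for internet exposure) is an illustrative assumption, not a standard.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    value: int            # step 2: business importance, 1 (low) .. 5 (critical)
    internet_facing: bool


@dataclass
class Finding:
    asset: str
    cve: str              # constructed placeholder identifier
    cvss: float           # step 3: scanner-reported base score, 0..10
    validated: Optional[bool] = None   # None = not yet manually reviewed


# Step 1: constructed asset inventory (example data, not from the article).
ASSETS: Dict[str, Asset] = {a.name: a for a in [
    Asset("web-shop", 5, True),
    Asset("db-orders", 5, False),
    Asset("wiki", 2, False),
]}

# Constructed raw scanner output. Two records need attention: one was
# rejected by manual review (a false positive) and one names an asset that
# is missing from the inventory, a gap the assessment should surface.
RAW_FINDINGS: List[Finding] = [
    Finding("web-shop", "CVE-PLACEHOLDER-1", 9.8, True),
    Finding("db-orders", "CVE-PLACEHOLDER-2", 7.5, True),
    Finding("wiki", "CVE-PLACEHOLDER-3", 9.1, True),
    Finding("web-shop", "CVE-PLACEHOLDER-4", 8.6, False),   # false positive
    Finding("legacy-ftp", "CVE-PLACEHOLDER-5", 9.0, None),  # unknown asset
]


def prioritize(assets: Dict[str, Asset], findings: List[Finding]
               ) -> Tuple[List[Tuple[float, str, str, bool]], List[str]]:
    """Step 4: return (remediation list, uncatalogued asset names).

    Priority = asset value * CVSS, times 1.5 for internet-facing assets
    (illustrative weighting). Findings rejected by manual review are dropped;
    the last tuple element tells whether a kept finding has been confirmed.
    """
    ranked, unknown = [], []
    for f in findings:
        if f.validated is False:
            continue                    # manual review rejected it
        asset = assets.get(f.asset)
        if asset is None:
            unknown.append(f.asset)     # inventory gap, report separately
            continue
        score = asset.value * f.cvss * (1.5 if asset.internet_facing else 1.0)
        ranked.append((round(score, 1), f.asset, f.cve, f.validated is True))
    ranked.sort(reverse=True)           # highest priority first
    return ranked, sorted(set(unknown))
```

Note that the wiki's CVSS 9.1 finding ranks below the order database's 7.5 finding, which is exactly the asset-value weighting that step 4 asks for.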

Approach for Vulnerability Assessment

Here are steps for effective vulnerability assessment of an organization network:

  1. Identify and understand how your company or industry is structured and managed.
  2. Trace the data, systems and applications that are used throughout the business.
  3. Examine hidden data sources that could allow easy access to protected information.
  4. Classify both the virtual and physical servers that run the essential business applications.
  5. Track all the security measures that are already implemented.
  6. Inspect the network for vulnerabilities.

Tools for Vulnerability Assessment

1. Comodo HackerProof

Comodo’s HackerProof is considered to be a revolutionary vulnerability scanning and trust-building tool that helps address the security concerns of your visitors. The following are a few key benefits you can obtain from HackerProof:

  • Reduce cart abandonment
  • Daily vulnerability scanning
  • PCI scanning tools included
  • Drive-by attack prevention
  • Build valuable trust with visitors
  • Convert more visitors into buyers

Besides the above-mentioned benefits, HackerProof also provides the visual indicator needed by your customers to feel safe transacting with you. It helps decrease shopping cart abandonment, enhance conversion rates, and drive your overall revenue up. Finally, it includes patent-pending scanning technology, SiteInspector, which is capable of eliminating drive-by attacks, thus providing a new level of security for all those who proudly display the HackerProof logo.

2. OpenVAS

This is an open source tool serving as a central service that provides vulnerability assessment tools for both vulnerability scanning and vulnerability management.

  • OpenVAS supports different operating systems
  • The scan engine of OpenVAS is constantly updated with the Network Vulnerability Tests
  • OpenVAS scanner is a complete vulnerability assessment tool identifying issues related to security in the servers and other devices of the network
  • OpenVAS services are free of cost and are usually licensed under GNU General Public License (GPL)

3. Nexpose Community

Developed by Rapid7, the Nexpose vulnerability scanner is an open source tool used for scanning for vulnerabilities and carrying out a wide range of network checks.

  • Nexpose can be incorporated into the Metasploit framework
  • It takes into account the age of the vulnerability, which malware kits use it, what advantages it offers an attacker, etc., and addresses the issue based on its priority
  • It is capable of automatically detecting and scanning new devices and evaluating their vulnerabilities when they access the network
  • It monitors the exposure of vulnerabilities in real time, adapting to the latest threats as new data arrives
  • Most of the vulnerability scanners usually categorize the risks employing a medium or high or low scale

4. Nessus Professional

Nessus is a proprietary, patented vulnerability scanner created by Tenable Network Security.

  • It helps prevent network intrusions by identifying vulnerabilities as early as possible
  • It can detect vulnerabilities that permit remote access to sensitive data on a system
  • It supports an extensive range of operating systems, databases, applications and other devices across cloud infrastructure and virtual and physical networks
  • It has been installed and used by millions of users all over the world for vulnerability assessment, configuration issues etc.

5. Aircrack

Aircrack, also known as Aircrack-ng, is a set of tools employed for assessing WiFi network security.

  • Aircrack tools are also used in network auditing
  • It supports multiple OS like Linux, OS X, Solaris, NetBSD, Windows etc.
  • It focuses on different areas of WiFi Security like monitoring the packets and data, testing the drivers and cards, replaying attacks, cracking etc.
  • With Aircrack, it is possible to retrieve the lost keys by capturing the data packets

Specifically for web applications, some other solutions from popular vendors can be used:

1. Acunetix

Acunetix is a fully automated web vulnerability scanner that detects and reports on over 4500 web application vulnerabilities including all variants of SQL Injection and XSS.

The Acunetix crawler fully supports HTML5 and JavaScript and Single-page applications, allowing auditing of complex, authenticated applications.

It bakes in advanced Vulnerability Management features right-into its core, prioritizing risks based on data through a single, consolidated view, and integrating the scanner’s results into other tools and platforms.

2. Netsparker

Netsparker is a dead accurate automated scanner that will identify vulnerabilities such as SQL Injection and Cross-site Scripting in web applications and web APIs.

Netsparker uniquely verifies the identified vulnerabilities, proving they are real and not false positives. Therefore you do not have to waste hours manually verifying the identified vulnerabilities once a scan is finished. It is available as Windows software and as an online service.

3. Nikto

Nikto is a popular open source web server scanner used to identify probable issues and vulnerabilities.

  • Nikto is used to carry out wide-ranging tests on web servers, checking for items such as potentially dangerous programs or files
  • Nikto is also used to check whether server versions are outdated, and it checks for specific problems that affect the server’s functioning
  • Nikto is used to scan various protocols like HTTP, HTTPS, HTTPd etc. Using this tool one can scan multiple ports of a particular server
  • Nikto is not designed to be a stealthy tool; it is used to test a web server in the least possible time