Vulnerability Assessment


In the previous blog post we looked at what a vulnerability is and what an exploit is. In this post we will look at why an organization should carry out a vulnerability assessment, what the major difference is between penetration testing and vulnerability assessment, and what ISO 27001 requires for vulnerability assessment.

Why Vulnerability Assessment?

Organizations use information technology to make their work fast, efficient and manageable, but it is also observed that they often do not take care of information security, which many times leads to a negative impact. Organizations give access to the internet along with the intranet, which can open the door to data theft. It is important that an organization has a vulnerability assessment policy and that it is implemented properly.

As per the ISO 27001 standard, one should look for the following vulnerabilities:

  • Access control error – lack of enforcement
  • Authentication error – inadequate identification mechanisms
  • Boundary error – inadequate checking/validating mechanisms
  • Configuration error – improper configuration
  • Exception handling error – improper setup or coding
  • Input validation error – lack of verification mechanisms
  • Randomization error – mismatch in random data
  • Resource error – lack of resources
  • State error – incorrect process flow

All of the above-mentioned vulnerabilities apply to any application, but as I mentioned earlier, the application is not the limit; one should check physical security as well.

Vulnerability Assessment Vs. Penetration Testing

Most people feel that vulnerability assessment and penetration testing are one and the same thing, but in fact they are different. A vulnerability assessment is limited to finding and classifying threats/risks, whereas penetration testing goes beyond that and tries to exploit the vulnerabilities.

Sample Vulnerability Assessment Report file can be downloaded from
