A Vulnerability Assessment is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure.
Vulnerability assessments are performed by using an off-the-shelf software package, such as Nessus or OpenVas to scan an IP address or range of IP addresses for known vulnerabilities.
In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use.
What does Vulnerability Scanning mean?
Vulnerability scanning is a security technique used to identify security weaknesses in a computer system. Vulnerability scanning can be used by individuals or network administrators for security purposes, or it can be used by hackers attempting to gain unauthorized access to computer systems.
The downside of vulnerability scanning is that it can inadvertently result in computer crashes during the actual scan if the operating system views the vulnerability scan as invasive. Vulnerability scanners range from very expensive enterprise-level products to free open-source tools.
Types of vulnerability scanners include:
- Port Scanner: Probes a server or host for open ports
- Network Enumerator: A computer program used to retrieve information about users and groups on networked computers
- Network Vulnerability Scanner: A system that proactively scans for network vulnerabilities
- Web Application Security Scanner: A program that communicates with a Web application to find potential vulnerabilities within the application or its architecture
- Computer Worm: A type of self-replicated computer malware, which can be used to find out vulnerabilities