A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.
Examples of threats that can be prevented by vulnerability assessment include:
SQL injection, XSS and other code injection attacks. Escalation of privileges due to faulty authentication mechanisms. Insecure defaults – software that ships with insecure settings, such as a guessable admin passwords. There are several types of vulnerability assessments. These include:
Host assessment – The assessment of critical servers, which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image. Network and wireless assessment – The assessment of policies and practices to prevent unauthorized access to private or public networks and network-accessible resources. Database assessment – The assessment of databases or big data systems for vulnerabilities and misconfigurations, identifying rogue databases or insecure dev/test environments, and classifying sensitive data across an organization’s infrastructure. Application scans – The identifying of security vulnerabilities in web applications and their source code by automated scans on the front-end or static/dynamic analysis of source code.