The vulnerability assessment process, intended to identify threats and the risks they pose, typically involves the use of automated testing tools, including network security scanners. The results are detailed in a vulnerability assessment report.
Organizations of any size, or even individuals who face an increased risk of cyberattacks, can benefit from some form of vulnerability assessment. However, large enterprises and other types of organizations that are subject to ongoing attacks will benefit the most from vulnerability analysis. Security vulnerabilities can enable hackers to access IT systems and applications, so it is essential for enterprises to identify and remediate weaknesses before they can be exploited. A comprehensive vulnerability assessment, along with a management program, can help companies improve the security of their systems.
The type of vulnerability assessment depends on the kind of system or network vulnerabilities to be discovered, which means the assessment process uses a variety of tools, scanners and methodologies to identify vulnerabilities, threats and risks. Some of the various types of vulnerability assessment scans include the following:
Network-based scans are used to identify possible network security attacks. This type of scan can also detect vulnerable systems on wired or wireless networks.
Host-based scans are used to locate and identify vulnerabilities in servers, workstations or other network hosts. This type of scan usually examines ports and services that may also be visible to network-based scans, but it offers greater visibility into the configuration settings and patch history of scanned systems.
Wireless network scans of an organization's Wi-Fi networks usually focus on points of attack in the wireless network infrastructure. In addition to identifying rogue access points, a wireless network scan can also validate that a company's network is securely configured.
Application scans can be used to test websites to detect known software vulnerabilities and erroneous configurations in network or web applications.
Database scans can be used to identify database weak points so as to prevent malicious attacks such as SQL injection attacks.
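The contrast drawn above between network-based and host-based scans, as an added example that is not part of the original page: a network view sees only reachable services, while a host-based check also sees filtered services, patch level and configuration. The host snapshot, baseline versions and function names are all constructed for illustration.

```python
# Added example: all host data, baselines and version numbers below are constructed.
import re

# Constructed snapshot of one host, as a local agent or authenticated scan would collect it.
HOST = {
    "listening": {22: "sshd", 5432: "postgres", 8080: "java"},
    "firewall_allows": {22, 8080},                 # ports reachable from the network
    "packages": {"openssl": "3.0.2", "openssh-server": "9.6p1", "postgresql": "14.5"},
    "sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\n",
}
# Constructed baseline: minimum patched versions and required settings.
MIN_VERSIONS = {"openssl": "3.0.13", "postgresql": "14.11"}
REQUIRED_SSHD = {"PermitRootLogin": "no", "PasswordAuthentication": "no"}

def version_key(version):
    """Turn '9.6p1' into (9, 6, 1) so versions compare numerically, not as strings."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def network_view(host):
    """What a network-based scan can observe: services reachable through the firewall."""
    return {p: s for p, s in host["listening"].items() if p in host["firewall_allows"]}

def host_findings(host):
    """What a host-based scan adds: filtered services, patch level, configuration."""
    findings = []
    for port, svc in sorted(host["listening"].items()):
        if port not in host["firewall_allows"]:
            findings.append(f"service {svc} listens on {port} (not visible from network)")
    for pkg, minimum in sorted(MIN_VERSIONS.items()):
        installed = host["packages"].get(pkg)
        if installed and version_key(installed) < version_key(minimum):
            findings.append(f"package {pkg} {installed} is below patched version {minimum}")
    settings = dict(line.split(None, 1) for line in host["sshd_config"].splitlines()
                    if line.strip() and not line.lstrip().startswith("#"))
    for key, wanted in sorted(REQUIRED_SSHD.items()):
        actual = settings.get(key, "<unset>")
        if actual.lower() != wanted:
            findings.append(f"sshd_config {key} is {actual}, baseline requires {wanted}")
    return findings

if __name__ == "__main__":
    print("network-based view:", network_view(HOST))
    for finding in host_findings(HOST):
        print("host-based finding:", finding)
```

Versions are compared as integer tuples because a plain string comparison would rank 3.0.2 above 3.0.13 and miss the outdated package.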