What is a vulnerability assessment?
A vulnerability assessment is the testing process used to identify and assign severity levels to as many security defects as possible in a given timeframe. This process may involve automated and manual techniques with varying degrees of rigor and an emphasis on comprehensive coverage. Using a risk-based approach, vulnerability assessments may target different layers of technology, the most common being host-, network-, and application-layer assessments.
Vulnerability testing helps organizations identify vulnerabilities in their software and supporting infrastructure before a compromise can take place. But, what exactly is a software vulnerability?
A vulnerability can be defined in two ways:
- A bug in code or a flaw in software design that can be exploited to cause harm. Exploitation may occur via an authenticated or unauthenticated attacker.
- A gap in security procedures or a weakness in internal controls that when exploited results in a security breach.