VULNERABILITY ASSESSMENT AND PENETRATION TESTING
Vulnerability Assessment and Penetration Testing
July, 2021
VA & PT MAIN OBJECTIVE AND TASKS
• Vulnerability Assessment & Remediation
• Penetration Testing
• Risk Assessment
WHAT IS VULNERABILITY ASSESSMENT?
• A vulnerability assessment is a systematic review of security
weaknesses in an information system (servers, network devices,
applications, etc.). It:
• evaluates whether the system is susceptible to any known vulnerabilities;
• assigns severity levels to those vulnerabilities;
• recommends remediation or mitigation activity.
THREATS THAT CAN BE DETECTED BY VULNERABILITY ASSESSMENT
• SQL injection, XSS and other code injection attacks.
• Escalation of privileges due to faulty authentication mechanisms.
• Insecure defaults – software that ships with insecure settings,
such as a guessable admin password.
• Insecure ports and services.
VULNERABILITY ASSESSMENT PROCESS
The security scanning process consists of four steps: testing,
analysis, assessment and remediation.
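The four steps above, carried through in code as an added illustration (not code from the slides or from any scanner vendor): step 1 is represented by constructed raw scanner findings, steps 2 and 3 analyse each finding against a constructed baseline policy and assign one severity, and step 4 produces the prioritised remediation list. The hosts, services, CVE placeholders and policy are assumptions; the CVSS v3.1 qualitative severity bands are the standard published ones.

```python
"""Vulnerability assessment pipeline over constructed scan findings.

Added illustration: not code from the slides or from any scanner vendor.
Steps follow the slide's testing -> analysis -> assessment -> remediation.
The findings, hosts and baseline policy below are constructed sample data;
the CVSS v3.1 qualitative severity bands are the standard published ones.
"""
from dataclasses import dataclass

# Step 1, "testing": the raw output a scanner would produce. Constructed data;
# the CVE identifiers are placeholders, not real advisories.
RAW_FINDINGS = [
    {"host": "10.0.0.5", "port": 23, "service": "telnet", "cvss": None,
     "cve": None, "detail": "cleartext remote administration service exposed"},
    {"host": "10.0.0.5", "port": 443, "service": "https", "cvss": 9.8,
     "cve": "CVE-XXXX-XXXXX (placeholder)",
     "detail": "outdated web framework with a known remote code execution flaw"},
    {"host": "10.0.0.7", "port": 3306, "service": "mysql", "cvss": 5.3,
     "cve": None, "detail": "database server listening on all interfaces"},
    {"host": "10.0.0.7", "port": 80, "service": "http", "cvss": 6.1,
     "cve": "CVE-XXXX-XXXXX (placeholder)",
     "detail": "reflected cross-site scripting in a search page"},
    {"host": "10.0.0.9", "port": 8080, "service": "http-admin", "cvss": None,
     "cve": None, "detail": "admin console accepts the vendor default password"},
]

# Constructed baseline policy: services that must never be exposed.
INSECURE_SERVICES = {"telnet", "ftp", "rsh", "http-admin"}

SEVERITY_ORDER = ["None", "Low", "Medium", "High", "Critical"]


def cvss_severity(score):
    """Map a CVSS v3.1 base score to its qualitative rating (standard bands:
    0.0 None, 0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, 9.0-10.0 Critical)."""
    if score is None:
        return None
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def max_severity(a, b):
    """Higher of two qualitative ratings; either may be None (no rating)."""
    ranked = [s for s in (a, b) if s is not None]
    return max(ranked, key=SEVERITY_ORDER.index) if ranked else None


@dataclass
class AssessedFinding:
    host: str
    port: int
    service: str
    severity: str
    reasons: str
    remediation: str


def assess(finding):
    """Steps 2 and 3, analysis and assessment: decide why the finding is a
    weakness, assign one severity and attach a remediation. Returns None
    for findings that carry neither a rating nor a policy violation."""
    reasons, fixes = [], []
    severity = cvss_severity(finding["cvss"])
    if severity is not None:
        reasons.append(f"known vulnerability, CVSS {finding['cvss']} ({severity})")
        fixes.append("apply the vendor patch or upgrade the affected component")
    if finding["service"] in INSECURE_SERVICES:
        reasons.append("service is on the insecure-services baseline")
        fixes.append(f"disable {finding['service']} or firewall port {finding['port']}")
        severity = max_severity(severity, "High")   # policy violation: at least High
    if "default password" in finding["detail"]:
        reasons.append("insecure default credentials")
        fixes.append("set a unique administrator password and enforce the password policy")
        severity = max_severity(severity, "Critical")
    if severity is None:
        return None
    return AssessedFinding(finding["host"], finding["port"], finding["service"],
                           severity, "; ".join(reasons), "; ".join(fixes))


def remediation_plan(raw_findings):
    """Step 4, remediation: the prioritised work list, most severe first."""
    assessed = [a for a in map(assess, raw_findings) if a is not None]
    assessed.sort(key=lambda a: (-SEVERITY_ORDER.index(a.severity), a.host, a.port))
    return assessed


if __name__ == "__main__":
    for item in remediation_plan(RAW_FINDINGS):
        print(f"[{item.severity:8}] {item.host}:{item.port} {item.service}")
        print(f"           why: {item.reasons}")
        print(f"           fix: {item.remediation}")
```

Note that a finding with no CVSS score is not automatically unimportant: the exposed telnet service and the admin console with a default password have no CVE behind them, yet the baseline policy ranks them High and Critical, which is why the assessment step combines the scanner's rating with the organisation's own policy before ordering the remediation list.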
VULNERABILITY ASSESSMENT TOOLS
1. Rapid7 InsightVM: vulnerability assessment software built for the
modern web.
• InsightVM combines complete ecosystem visibility, an unparalleled
understanding of the attacker mind-set, and the agility of security operations
so we can act before impact.
• InsightVM provides a fully available, scalable, and efficient way to collect
vulnerability data on our mission- and business-critical assets, turn it into
answers, and minimize risk.
NESSUS
• Nessus is one of the most commonly used vulnerability scanners during
vulnerability assessment and penetration testing engagements. It is
developed and sold by Tenable, a security company in the USA.
• The tool is free for non-enterprise use; for enterprise use, however,
Nessus Professional, the commercial version of Nessus, is the most commonly
used across many industries.
• Advanced detection: it can detect more than 56k threats, the most in the
industry.
NESSUS PROVIDES
• High-speed asset discovery
• Target profiling
• Configuration auditing
• Malware detection
• Sensitive data discovery
• Discovery of vulnerabilities on a target system together with
recommendations on how to fix and patch each identified vulnerability
• Mobile device management integration (only Nessus provides this)
• Daily plugin updates and integration with patch management vendors
• Easy integration with Metasploit
QVM
• QRadar Vulnerability Manager (QVM) is a scanning platform used to
identify, manage, and prioritize the vulnerabilities on networked information
system assets.
• This platform is very important for seeing the cyber security posture of the
Commercial Bank of Ethiopia, using the functionalities listed below:
• Conduct vulnerability scanning in order to identify all weaknesses
on any CBE information system asset.
• QVM provides the severity level of vulnerabilities based on CVSS and
CVE risk ratings.
• For each identified vulnerability, QVM provides a recommended solution
from its fully equipped analytical resources, with no human intervention.
• Generate the vulnerability assessment result.
PENETRATION TESTING
• A penetration test, also known as a pen test, is a simulated cyber attack
against your computer system to check for exploitable vulnerabilities.
• It can involve the attempted breaching of any number of application systems
(e.g., application programming interfaces (APIs), frontend/backend servers) to
uncover vulnerabilities, such as unsanitized inputs that are susceptible to
code injection attacks.
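The "unsanitized inputs" point above, as an added example that is not part of the slides: a user lookup that concatenates input into SQL beside its parameterized form, plus the kind of check a tester or assessor runs to tell the two apart. It uses Python's sqlite3 on an in-memory database with constructed rows; the table, column and function names are assumptions.

```python
"""Unsanitized input versus a parameterized query.

Added illustration, not code from the slides. Uses an in-memory SQLite
database with constructed rows; table, column and function names are
assumptions made for this example.
"""
import sqlite3


def make_db():
    """Constructed sample database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable: the caller's input is pasted into the SQL text, so any
    quote or keyword in it is parsed as part of the statement."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened: the value is bound as a parameter. The database driver
    never parses it as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def injection_check(lookup, conn):
    """Assessment-style check: a username that matches no real account but
    carries a SQL tautology should return no rows. If rows come back, the
    lookup is treating input as code. Returns True when injectable."""
    probe = "nobody' OR '1'='1"
    return len(lookup(conn, probe)) > 0


if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup injectable:", injection_check(lookup_unsafe, db))
    print("safe lookup injectable:  ", injection_check(lookup_safe, db))
```

The remediation is the one the slides' definition asks for: every query that takes external input is rewritten to bind that input as a parameter, and the check above is re-run afterwards to confirm the weakness is closed.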
CONT.
• There are two pentesting methods:
• External testing: external penetration tests target
the assets of a company that are visible on the internet, e.g., the
web application itself, the company website, and email and
domain name servers (DNS). The goal is to gain access and
extract valuable data.
• Internal testing: in an internal test, a tester with
access to an application behind its firewall simulates an attack
by a malicious insider. This isn't necessarily simulating a rogue
employee. A common starting scenario can be an employee whose
credentials were stolen due to a phishing attack.
PENETRATION TESTING PROCESS
(Figure: Penetration testing)
METASPLOIT (PENTESTING TOOL)
• Metasploit Pro is an exploitation and vulnerability validation tool
that helps us divide the penetration testing workflow into
manageable sections.
• Metasploit Pro improves the efficiency of penetration testers by
providing unrestricted remote network access and enabling teams to
collaborate efficiently.
INFORMATION SECURITY RISK ASSESSMENT
• The purpose of an information security risk assessment is to identify gaps in
the organization's IT security architecture, as well as to review
compliance with InfoSec-specific laws, mandates and
regulations.
CONT.
• An information security risk assessment focuses on three major
aspects: people, process and technology.
THANK YOU !