SlideShare a Scribd company logo

Vulnerability assessment-info-savvy

I
infosavvy

Vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. Active network scanners have the capability to reduce the intrusiveness of the checks they perform.

Education
1 of 4
Download to read offline
Types of Vulnerability Assessment Given below are the different types of vulnerability assessments:  Active Assessment Active assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. Active network scanners have the capability to reduce the intrusiveness of the checks they perform.  Passive Assessment Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are a recently using the network.  External Assessment External assessment assesses the network from a hacker's point of view to find out what exploits and vulnerabilities are accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks external to the organization. it determines how secure the external network and firewall are.
The following are some of the possible steps in performing an external assessment:  Determine the set of rules for firewall and router configurations for the external network  Check whether external server devices and network devices are mapped  identify open ports and related services on the external network  Examine patch levels on the server and external network devices  Review detection systems such as IDS, firewalls, and application-layer protection systems  Get information on DNS zones  Scan the external network through a variety of proprietary tools available or the Internet  Examine web applications si.ch as e-commerce arc shopping cart software for vulnerability  internal Assessment An internal assessment involves scrutinizing the internal network to find exploits and vulnerabilities. The following are some of the possible steps in performing an internal assessment:  Specify the open ports aria related services on network devices, servers, and systems  Check for router configurations and tire wall rule sets  List the internal vulnerabilities of the operating system and server  Scan for Trojans that may be present in the internal environment  Check the patch levels on the organization's internal network devices, servers, and systems  Check for the existence of malware, spyware, and virus activity and document them  Evaluate the physical security  Identify and review the remote management process and events  Assess the file-sharing mechanisms if or example, NFS and SMB/CIFS shares) 0 Examine the antivirus implementation and events  Host-based Assessment Host-based assessments are a type of security check that involves carrying out a configuration-level check through the command line. These assessments check the security of a particular network or server. Host-based scanners assess systems to identify vulnerabilities such as incorrect registry and file permissions, as well as
software configuration errors. Host-based assessment can use many commercial and open-source scanning tools.  Network Assessments vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Network assessment professionals use firewall and network scanners such as Nessus. These scanners find open ports, recognize the services running on those parts, and find vulnerabilities associated with these services. These assessments help organizations determine how vulnerable systems are to Internet and Intranet attacks. and how an attacker can gain access to important information. A typical network assessment conducts the following tests on a network: o Checks the network topologies for inappropriate firewall configuration o Examines the router filtering rules o Identities inappropriately configured database servers o Tests individual services and protocols such as HTTP, SNMP, and FTP o Reviews HTML source code for unnecessary information o Performs bounds checking on variables  Application Assessments An application assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems. It analyzes all elements of an application infrastructure, including deployment and communication within the client and server. This type of assessment tests the web server infrastructure for any misconfiguration, outdated content, and known vulnerabilities. Security professionals use both commercial and open-source tools to perform such, assessments.  Wireless Network Assessments Wireless network assessment determines the vulnerabilities in an organization's wireless networks. In the past, wireless networks used weak and defective data encryption mechanisms. Now, wireless network standards have evolved, but many networks still use the weak and outdated security mechanisms and are open for attack. Wireless network assessments try to attack wireless authentication mechanisms and get unauthorized access. This type of assessment tests wireless networks and identifies rogue wireless networks that may exist within an organization's perimeter. These assessments audit client-specified sites with a
wireless network. They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access once they get access to the wireless network.  identify open ports and related services on the external network  Examine patch levels on the server and external network devices  Review detection systems such as IDS, firewalls, and application-layer protection systems  Get information on DNS zones  Scan the external network through a variety of proprietary tools available or the Internet  Examine web applications si.ch as e-commerce arc shopping cart software for vulnerability

Recommended

Data security auditing and accountability
Data security auditing and accountabilityData security auditing and accountability
Data security auditing and accountabilityLeo Mark Villar
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionProgrammer
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefEnda Crossan
 
Evento - Fintech Districht - Pierguido Iezzi - SWASCAN
Evento - Fintech Districht - Pierguido Iezzi - SWASCANEvento - Fintech Districht - Pierguido Iezzi - SWASCAN
Evento - Fintech Districht - Pierguido Iezzi - SWASCANSWASCAN
 
Software security testing
Software security testingSoftware security testing
Software security testingnehabsairam
 
Vulnerability
VulnerabilityVulnerability
VulnerabilityMohit Dholakiya
 
Scanning web vulnerabilities
Scanning web vulnerabilitiesScanning web vulnerabilities
Scanning web vulnerabilitiesMohit Dholakiya
 
Firewall
FirewallFirewall
Firewalltrilokchandra prakash
 

Recommended

Data security auditing and accountability
Data security auditing and accountabilityData security auditing and accountability
Data security auditing and accountabilityLeo Mark Villar
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionProgrammer
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefEnda Crossan
 
Evento - Fintech Districht - Pierguido Iezzi - SWASCAN
Evento - Fintech Districht - Pierguido Iezzi - SWASCANEvento - Fintech Districht - Pierguido Iezzi - SWASCAN
Evento - Fintech Districht - Pierguido Iezzi - SWASCANSWASCAN
 
Software security testing
Software security testingSoftware security testing
Software security testingnehabsairam
 
Vulnerability
VulnerabilityVulnerability
VulnerabilityMohit Dholakiya
 
Scanning web vulnerabilities
Scanning web vulnerabilitiesScanning web vulnerabilities
Scanning web vulnerabilitiesMohit Dholakiya
 
Firewall
FirewallFirewall
Firewalltrilokchandra prakash
 
WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...
WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...
WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...Alexander Barabanov
 
9. Vulnerability Assessments-cyber51
9. Vulnerability Assessments-cyber519. Vulnerability Assessments-cyber51
9. Vulnerability Assessments-cyber51Doree Garcia, CCNA, OSWP
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityGeevarghese Titus
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareNatraj G
 
Inside forti os-v524-r5
Inside forti os-v524-r5Inside forti os-v524-r5
Inside forti os-v524-r5Lan & Wan Solutions
 
Lesson 2 scanning
Lesson 2 scanningLesson 2 scanning
Lesson 2 scanningFrankVianzon
 
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your RiskHow to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your RiskSurfWatch Labs
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSIJNSA Journal
 
CTAP
CTAPCTAP
CTAPLan & Wan Solutions
 
The Spark
The SparkThe Spark
The Sparkguest5b4748
 
Virtual Firewall Management
Virtual Firewall ManagementVirtual Firewall Management
Virtual Firewall ManagementRagavan Seetharaman
 
CTAP
CTAPCTAP
CTAPLan & Wan Solutions
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareTyler Shields
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityLumension
 
Firewall Analyzer - Middle East Workshop
Firewall Analyzer - Middle East WorkshopFirewall Analyzer - Middle East Workshop
Firewall Analyzer - Middle East WorkshopManageEngine, Zoho Corporation
 
CISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingCISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingSam Bowne
 
Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Joseph Iannelli
 
New OpManager v12
New OpManager v12New OpManager v12
New OpManager v12Inuit AB
 
Fingerprinting healthcare institutions
Fingerprinting healthcare institutionsFingerprinting healthcare institutions
Fingerprinting healthcare institutionssecurityxploded
 
Zero day malware detection
Zero day malware detectionZero day malware detection
Zero day malware detectionsujeeshkumarj
 
Infrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration TestingInfrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration TestingElanusTechnologies
 
Types of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdfTypes of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdfCyber security professional services- Detox techno
 

More Related Content

What's hot

WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...
WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...
WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...Alexander Barabanov
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityGeevarghese Titus
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareNatraj G
 
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your RiskHow to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your RiskSurfWatch Labs
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSIJNSA Journal
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareTyler Shields
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityLumension
 
CISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingCISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingSam Bowne
 
Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Joseph Iannelli
 
New OpManager v12
New OpManager v12New OpManager v12
New OpManager v12Inuit AB
 
Fingerprinting healthcare institutions
Fingerprinting healthcare institutionsFingerprinting healthcare institutions
Fingerprinting healthcare institutionssecurityxploded
 
Zero day malware detection
Zero day malware detectionZero day malware detection
Zero day malware detectionsujeeshkumarj
 

What's hot (20)

WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...
WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...
WednesdayBarabanovSecureSoftwareDevelopmentInTheRussianITSecurityCertificatio...
 
9. Vulnerability Assessments-cyber51
9. Vulnerability Assessments-cyber519. Vulnerability Assessments-cyber51
9. Vulnerability Assessments-cyber51
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
 
Inside forti os-v524-r5
Inside forti os-v524-r5Inside forti os-v524-r5
Inside forti os-v524-r5
 
Lesson 2 scanning
Lesson 2 scanningLesson 2 scanning
Lesson 2 scanning
 
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your RiskHow to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
 
CTAP
CTAPCTAP
CTAP
 
The Spark
The SparkThe Spark
The Spark
 
Virtual Firewall Management
Virtual Firewall ManagementVirtual Firewall Management
Virtual Firewall Management
 
CTAP
CTAPCTAP
CTAP
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs Security
 
Firewall Analyzer - Middle East Workshop
Firewall Analyzer - Middle East WorkshopFirewall Analyzer - Middle East Workshop
Firewall Analyzer - Middle East Workshop
 
CISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingCISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and Testing
 
Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015
 
New OpManager v12
New OpManager v12New OpManager v12
New OpManager v12
 
Fingerprinting healthcare institutions
Fingerprinting healthcare institutionsFingerprinting healthcare institutions
Fingerprinting healthcare institutions
 
Zero day malware detection
Zero day malware detectionZero day malware detection
Zero day malware detection
 

Similar to Vulnerability assessment-info-savvy

Infrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration TestingInfrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration TestingElanusTechnologies
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51martinvoelk
 
Running Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxRunning Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxSUBHI7
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration TestingBluechip Gulf IT Services
 
Cyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxCyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxTikdiPatel
 
What Are The Types of Malware? Must Read
What Are The Types of Malware? Must ReadWhat Are The Types of Malware? Must Read
What Are The Types of Malware? Must ReadBytecode Security
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testingsakshisoni076
 
Web Application Penetration Test
Web Application Penetration TestWeb Application Penetration Test
Web Application Penetration Testmartinvoelk
 
What are The Types of Pen testing.pdf
What are The Types of Pen testing.pdfWhat are The Types of Pen testing.pdf
What are The Types of Pen testing.pdfBytecode Security
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?Bhavin Shah
 
Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Rhydham Joshi
 
Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Rhydham Joshi
 
The Role of Port Monitoring for Network Uptime - March.pptx
The Role of Port Monitoring for Network Uptime - March.pptxThe Role of Port Monitoring for Network Uptime - March.pptx
The Role of Port Monitoring for Network Uptime - March.pptxawakish
 
Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1robin_bene
 
Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Jeff Suratt
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfAmeliaJonas2
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsHappiest Minds Technologies
 

Similar to Vulnerability assessment-info-savvy (20)

Infrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration TestingInfrastructure & Network Vulnerability Assessment and Penetration Testing
Infrastructure & Network Vulnerability Assessment and Penetration Testing
 
Types of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdfTypes of Vulnerability Scanning An in depth investigation.pdf
Types of Vulnerability Scanning An in depth investigation.pdf
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 
Running Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxRunning Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docx
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing
 
Cyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxCyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptx
 
What Are The Types of Malware? Must Read
What Are The Types of Malware? Must ReadWhat Are The Types of Malware? Must Read
What Are The Types of Malware? Must Read
 
NSA and PT
NSA and PTNSA and PT
NSA and PT
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testing
 
Web Application Penetration Test
Web Application Penetration TestWeb Application Penetration Test
Web Application Penetration Test
 
What are The Types of Pen testing.pdf
What are The Types of Pen testing.pdfWhat are The Types of Pen testing.pdf
What are The Types of Pen testing.pdf
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?
 
Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1
 
Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1
 
The Role of Port Monitoring for Network Uptime - March.pptx
The Role of Port Monitoring for Network Uptime - March.pptxThe Role of Port Monitoring for Network Uptime - March.pptx
The Role of Port Monitoring for Network Uptime - March.pptx
 
Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1Owasp methodologies of Security testing part1
Owasp methodologies of Security testing part1
 
Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers 
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdf
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest Minds
 

Recently uploaded

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 

Recently uploaded (20)

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 

Vulnerability assessment-info-savvy

  • 1. Types of Vulnerability Assessment Given below are the different types of vulnerability assessments:  Active Assessment Active assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. Active network scanners have the capability to reduce the intrusiveness of the checks they perform.  Passive Assessment Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are a recently using the network.  External Assessment External assessment assesses the network from a hacker's point of view to find out what exploits and vulnerabilities are accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks external to the organization. it determines how secure the external network and firewall are.
  • 2. The following are some of the possible steps in performing an external assessment:  Determine the set of rules for firewall and router configurations for the external network  Check whether external server devices and network devices are mapped  identify open ports and related services on the external network  Examine patch levels on the server and external network devices  Review detection systems such as IDS, firewalls, and application-layer protection systems  Get information on DNS zones  Scan the external network through a variety of proprietary tools available or the Internet  Examine web applications si.ch as e-commerce arc shopping cart software for vulnerability  internal Assessment An internal assessment involves scrutinizing the internal network to find exploits and vulnerabilities. The following are some of the possible steps in performing an internal assessment:  Specify the open ports aria related services on network devices, servers, and systems  Check for router configurations and tire wall rule sets  List the internal vulnerabilities of the operating system and server  Scan for Trojans that may be present in the internal environment  Check the patch levels on the organization's internal network devices, servers, and systems  Check for the existence of malware, spyware, and virus activity and document them  Evaluate the physical security  Identify and review the remote management process and events  Assess the file-sharing mechanisms if or example, NFS and SMB/CIFS shares) 0 Examine the antivirus implementation and events  Host-based Assessment Host-based assessments are a type of security check that involves carrying out a configuration-level check through the command line. These assessments check the security of a particular network or server. Host-based scanners assess systems to identify vulnerabilities such as incorrect registry and file permissions, as well as
  • 3. software configuration errors. Host-based assessment can use many commercial and open-source scanning tools.  Network Assessments vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Network assessment professionals use firewall and network scanners such as Nessus. These scanners find open ports, recognize the services running on those parts, and find vulnerabilities associated with these services. These assessments help organizations determine how vulnerable systems are to Internet and Intranet attacks. and how an attacker can gain access to important information. A typical network assessment conducts the following tests on a network: o Checks the network topologies for inappropriate firewall configuration o Examines the router filtering rules o Identities inappropriately configured database servers o Tests individual services and protocols such as HTTP, SNMP, and FTP o Reviews HTML source code for unnecessary information o Performs bounds checking on variables  Application Assessments An application assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems. It analyzes all elements of an application infrastructure, including deployment and communication within the client and server. This type of assessment tests the web server infrastructure for any misconfiguration, outdated content, and known vulnerabilities. Security professionals use both commercial and open-source tools to perform such, assessments.  Wireless Network Assessments Wireless network assessment determines the vulnerabilities in an organization's wireless networks. In the past, wireless networks used weak and defective data encryption mechanisms. Now, wireless network standards have evolved, but many networks still use the weak and outdated security mechanisms and are open for attack. Wireless network assessments try to attack wireless authentication mechanisms and get unauthorized access. This type of assessment tests wireless networks and identifies rogue wireless networks that may exist within an organization's perimeter. These assessments audit client-specified sites with a
  • 4. wireless network. They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access once they get access to the wireless network.  identify open ports and related services on the external network  Examine patch levels on the server and external network devices  Review detection systems such as IDS, firewalls, and application-layer protection systems  Get information on DNS zones  Scan the external network through a variety of proprietary tools available or the Internet  Examine web applications si.ch as e-commerce arc shopping cart software for vulnerability