Saturday 10 September 2022

Vulnerability Assessment Tools

 Vulnerability Assessment Tools

Vulnerability Assessment  (VA) tools are defined as security applications tools that scan enterprise networks to identify weaknesses that Threat Actor may exploit. When VA Tools finds weaknesses on network, software & system , the vulnerability software suggests or initiates remediation action, thereby minimizing the potential of a network & system attack. 

There is many Vulnerability Assessment  (VA) tools  available. Some of them are commercial and some of them are open source. All of these tools have their own strengths and weaknesses. We can separate it these tools function wise. Following are some well-known  Vulnerability Assessment  (VA) tools,

Web Application Tools

  • OWASP Zed Attack Proxy (ZAP) 
  • Burp Suite
  • Nikto
  • Arachni

Infrastructure and Network Tools

  • Nmap 
  • hping
  • Nessus
  • OpenVAS
  • Qualys

Wireless Assessment Tools

  • Aircrack-ng
  • Reaver
  • oclHashcat

Cloud Infrastructure Assessment Tools

  • Scout Suite
  • Prowler
  • Pacu

Like any other IT process, VA Tools  follow a Vulnerability Management Life Cycle model. The model presented here follows the basic steps of Discover – Prioritize Assets – Assess – Report - Remediate - Verify and then again start with Discover. This lifecycle provides a good foundation for any security program.


The steps in the Vulnerability Management Life Cycle are described below.

  • Discover: Scan network-accessible systems by VA tools and get inventory of all assets across the network and develop bassline of all assets including operating system and open services.
  • Prioritize Assets: Categorize assets into groups on basis of their criticality to business operation.
  • Assess: Accomplish this by using a baseline risk profile to eliminate risks according to vulnerability threats.
  • Report: The data gathered must be compiled in a custom report that outlines the various vulnerabilities and prioritizes and addresses them.
  • Remediate: Prioritize and fix vulnerabilities in order according to business risk. Establish controls and demonstrate progress.
  • Verify: When the vulnerabilities have been identified and resolved, there must be consistent follow-up audits to ensure they won’t happen again. This is the verification stage.
In future blogs, We  discuss one-by-one Vulnerability Assessment  (VA) tools with examples.


No comments:

Post a Comment

Building Own SIEM Environment using Opensource Tools (Part 4)

  Building Own SIEM Environment using Opensource Tools (Part 4) Wazuh Server As per last blog, we are going to install Wazuh server and Wazu...