Vulnerability Assessment Tools
Vulnerability Assessment (VA) tools are security applications that scan enterprise networks to identify weaknesses that a threat actor may exploit. When a VA tool finds a weakness in a network, piece of software or system, it suggests or initiates a remediation action, thereby reducing the likelihood of a successful attack on the network and its systems.
There are many Vulnerability Assessment (VA) tools available; some are commercial and some are open source. Each has its own strengths and weaknesses, and they can be grouped by function. The following are some well-known VA tools:
Web Application Tools
- OWASP Zed Attack Proxy (ZAP)
- Burp Suite
- Nikto
- Arachni
Infrastructure and Network Tools
- Nmap
- hping
- Nessus
- OpenVAS
- Qualys
Wireless Assessment Tools
- Aircrack-ng
- Reaver
- oclHashcat
Cloud Infrastructure Assessment Tools
- Scout Suite
- Prowler
- Pacu
Like any other IT process, VA tools follow a Vulnerability Management Life Cycle model. The model presented here follows the basic steps Discover - Prioritize Assets - Assess - Report - Remediate - Verify, and then starts again with Discover. This lifecycle provides a good foundation for any security program.
The steps in the Vulnerability Management Life Cycle are described below.
- Discover: Scan network-accessible systems with VA tools to obtain an inventory of all assets across the network and build a baseline of each asset, including its operating system and open services.
- Prioritize Assets: Categorize assets into groups on the basis of their criticality to business operations.
- Assess: Use the baseline risk profile to rank and eliminate risks according to the threat posed by each vulnerability.
- Report: Compile the gathered data into a custom report that outlines the vulnerabilities found, prioritizes them and describes how to address them.
- Remediate: Prioritize and fix vulnerabilities in order of business risk. Establish controls and demonstrate progress.
- Verify: Once the vulnerabilities have been identified and resolved, follow-up audits must be performed consistently to ensure they do not recur. This is the verification stage.
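The lifecycle above, as an added example in Python that is not part of the original post: a constructed scan inventory (hosts, services, CVSS scores and business criticality are all made up) is assessed by combining technical severity with asset criticality, reported in risk order, and then verified against a re-scan in which one finding has been remediated.

```python
# Added example (not from the original post): a minimal model of the
# Discover - Prioritize Assets - Assess - Report - Remediate - Verify cycle.
# All hosts, services, CVSS scores and criticality values are constructed.

# Discover: what a network scan (e.g. Nmap/OpenVAS output) might yield.
# Each finding is (title, cvss_base_score).
DISCOVERED = {
    "10.0.0.5":  {"os": "Linux",   "services": ["22/ssh", "443/https"],
                  "findings": [("Outdated OpenSSH", 7.5)]},
    "10.0.0.9":  {"os": "Windows", "services": ["445/smb", "3389/rdp"],
                  "findings": [("SMBv1 enabled", 8.1), ("RDP without NLA", 5.3)]},
    "10.0.0.20": {"os": "Linux",   "services": ["80/http"],
                  "findings": [("Directory listing", 4.3)]},
}

# Prioritize Assets: business criticality assigned by the asset owners.
CRITICALITY = {"10.0.0.5": "high", "10.0.0.9": "medium", "10.0.0.20": "low"}
WEIGHT = {"high": 3, "medium": 2, "low": 1}

def assess(discovered, criticality):
    """Assess: combine technical severity (CVSS) with asset criticality."""
    findings = []
    for host, info in discovered.items():
        weight = WEIGHT[criticality.get(host, "low")]  # unknown assets count as low
        for title, cvss in info["findings"]:
            findings.append({"host": host, "title": title,
                             "cvss": cvss, "risk": round(cvss * weight, 1)})
    return findings

def report(findings):
    """Report: order findings by business risk so remediation starts at the top."""
    return sorted(findings, key=lambda f: f["risk"], reverse=True)

def verify(reported, rescan):
    """Verify: re-assess after remediation and return the findings still open."""
    still_open = {(f["host"], f["title"]) for f in assess(rescan, CRITICALITY)}
    return [f for f in reported if (f["host"], f["title"]) in still_open]

if __name__ == "__main__":
    for f in report(assess(DISCOVERED, CRITICALITY)):
        print(f"{f['risk']:>5}  {f['host']:<10} {f['title']}")
```

The Remediate step is represented by the re-scan input to verify(): a finding that no longer appears in the re-scan is treated as fixed, everything else stays on the list for the next cycle.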