Tuesday, October 1, 2019

Word of the Day: vulnerability assessment

 
Word of the Day WhatIs.com
Daily updates on the latest technology terms | October 1, 2019
vulnerability assessment

A vulnerability assessment is a process that defines, identifies, classifies and prioritizes weaknesses in a computer system, software application or network infrastructure. The goal of the assessment is to understand potential threats and react appropriately.

Vulnerability assessments typically involve the use of automated testing tools that conduct scans. Types of scans include:

Network-based scans -- used to identify possible network security attack vectors.
Host-based scans -- used to locate and identify vulnerabilities in servers, workstations or other network hosts.
Wireless network scans -- used to identify rogue access points and spot weaknesses in configuration settings.
Application scans -- used to detect known software vulnerabilities and erroneous configurations in applications that connect to the internet.
Database scans -- used to identify the weak points in a database and prevent malicious attacks, such as SQL injection attacks.

Vulnerability assessments vs. penetration tests

A vulnerability assessment aims to uncover weaknesses in a network and recommend the appropriate mitigation or remediation to reduce or remove the risks. Penetration tests are sometimes carried out in concert with vulnerability assessments, but their primary aim is to check whether a vulnerability really exists and to prove that exploiting it can damage the application or network.

A vulnerability assessment often includes a penetration testing component to identify vulnerabilities in an organization's personnel, procedures or processes that might not be detectable with network or system scans. The process is sometimes referred to as vulnerability assessment/penetration testing, or VAPT. While a vulnerability assessment is usually automated, penetration testing generally combines automated and manual techniques.

Quote of the Day

 
"Vulnerability management tools help information security teams stay ahead of the rising tide of security issues in their organizations." - Mike Chapple

Learning Center

Penetration testing vs. red team: What's the difference?
They're subtle, but the differences between penetration testing vs. red team can be crucial. Understand the differences in how these types of security assessments are used to help balance your organization's security efforts.

Choose the best vulnerability assessment tools
This Buyer's Essentials guides InfoSec pros in the assessment and purchase of vulnerability management tools. It explains how they work and highlights key features corporate buyers should look for.

Implement a DevSecOps pipeline to boost releases' security posture
Don't put all your hopes on the security group's prerelease scan of application releases. Instead, explore what goes into a DevSecOps pipeline, including the various security standards, forms of testing and types of audits, as well as common DevSecOps tools for each step.

How to perform a building security assessment
A building security assessment of cyber and physical risks is a large undertaking that requires significant preparation and strategizing. Learn what to do once you've thoroughly prepared to review a large building.

5 ways to achieve a risk-based security strategy
A risk-based security strategy can identify the true threats to your enterprise and help meet compliance regulations along the way. Learn how to create a security strategy based on risk in five simple steps.

Quiz Yourself

 
The risk assessment guidelines for school buses addressed traffic conditions _______ small and large vehicles interact at a range of speeds.
a. where
b. in which


Stay in Touch

 
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

About This E-Newsletter
The Word of the Day is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US.
