Common vulnerability assessment procedures include:
A) Network Vulnerability Assessment: This is the most common vulnerability assessment procedure. The objective of conducting an assessment for a vulnerability is to identify the vulnerable areas of a system or network so that the remedial measures can be applied. Most companies have internal researchers that conduct a variety of penetration testing methods and fake tests for the purpose of assessing network connectivity. These fake tests often times do not deliver the results that the company would like and can also create false alarms. Therefore, the internal researcher needs to thoroughly evaluate all the potential ways in which a penetration testing method may fail.
b) Common vulnerability assessment processes include a. Application Security Design (ASD) and a. Network Security Design (NSS).
c) Common vulnerability assessment processes also include: a. Traffic analysis, which involves the collection of network and application statistics; b. Application security testing; and c. False discovery rate (FDDR) based vulnerability assessment.
d) Common vulnerability assessment procedures involve a. Identification of false alarms; and b. Removal of unnecessary test elements and/or substitute components. When evaluating the false alarm rates, some companies make the assumption that all false alarms indicate a genuine vulnerability in a system or application, where the truth is that there are only a very few false alarms that reflect actual vulnerabilities in the system. Companies should be careful to look at the correlation between false alarm rates and actual vulnerability in order to determine whether or not to boost the overall vulnerability assessment budget.
e) A data flow analysis is another procedure that is frequently used by companies to assess the presence of a vulnerability. The process is often used as part of the vulnerability assessment process. In a data flow analysis, the personnel from IT, network, and physical security team perform an on-site investigation to collect the information that is necessary to perform a data flow vulnerability assessment. Based on the collected information, the team performs a series of troubleshooting steps and perform a vulnerability assessment. A data flow vulnerability assessment is performed to identify vulnerable application software components.
Common Vulnerability Assessment Processes Include:
f) A. Schema analysis: This procedure is performed in order to detect and list the security vulnerabilities. The personnel performing the procedure to use protocol analysis tool to determine if a given host device contains any vulnerability and list the vulnerable component(s). Once the vulnerability is detected, the next step is to fix the vulnerability so that it does not allow an attacker to gain access to the host system.
g) A. Traffic analysis: This process is also commonly known as the false discovery vulnerability. It is a procedure that identifies the protocol or application security risks that are regularly used by a web server or application. Typically, the personnel performing this process uses protocol analysis tool to determine if a given host device contains any vulnerability that can be exploited through targeted attacks.
h) A. Data flow analysis: The process called data flow analysis detects the process or application security risks that are commonly used by a network administrator. The personnel performs the procedure by connecting the input and output devices of the application and compares the results from the device with the requirements specified by the system administrator. Once the evaluation results are obtained, the results are categorized into vulnerable, controlled, or vulnerable configuration. Based on the results obtained, the next level of the scan is executed.
I) A. Phased Implementation: Once the vulnerability has been detected, a phased implementation plan is created. The phased implementation plan enables the information security team to make a decision whether to attempt a true security risk or to conduct a false alarm. The false alarm is conducted when the information security team informs the IT manager or the executive about the vulnerability. This saves the company incurring additional cost as well as the risk of a false positive scan.
j) A. Direct changeover: Once the information security team has analyzed the vulnerability and decided to conduct a false alarm or conduct a true security risk, a direct changeover takes place. The direct changeover typically includes an on-site physical examination of the application or network to find evidence of the vulnerability. Once the physical examination is complete, the software engineering team performs a manual verification to identify any issues with the identified vulnerability. However, in some cases where a manual verification cannot be performed, a secondary verification using automated testing tools is performed.
k) A. Detection and Fixation: Once a vulnerability is identified, the information security team performs an on-site scan or automated scanning to identify any exploited software on the system. Once the scanning is complete, the software engineering team conducts a manual audit to identify and correct the vulnerabilities. In addition, manual corrective activities may be required for the application’s server, database, or application itself. For example, if the application’s server is compromised, the penetration tester may need to determine the server’s configuration and obtain information about exploited servers. Manual scanning and audit are essential parts of the process of vulnerability detection.