How To Perform A Vulnerability Assessment In 8 Steps

There are 8 steps to performing a vulnerability assessment, which include:

  1. Conducting risk identification and analysis.
  2. Developing vulnerability scanning policies and procedures.
  3. Identifying the type of vulnerability scan.
  4. Configuring the scan.
  5. Performing the scan.
  6. Evaluating risks.
  7. Interpreting the scan results.
  8. Creating a remediation and mitigation plan.

Let’s be honest, no business wants to expose itself to risk. Or, worse yet, be the headline story of the latest cyber attacks.

Recent research suggests that 60% of breaches involved unpatched vulnerabilities.

One way to mitigate this risk is by performing routine vulnerability assessments.

In this article, I’m going to break down each of these steps to show you exactly how to perform a vulnerability test for your organization.

By the end, you will have a better understanding of the complete vulnerability assessment process and what you need to do to lay the foundation for a successful cybersecurity program.

What Is A Vulnerability Assessment?

A vulnerability assessment is a process of identifying security vulnerabilities in systems, quantifying and analyzing them, and remediating those vulnerabilities based on predefined risks.

Assessments are an essential part of a holistic security program and are cited by many industry standards and compliance regulations.

The vulnerability assessment example below identifies and categorizes vulnerabilities found on a network.

[Image: PurpleSec network vulnerability assessment report]

A security expert conducts vulnerability analysis of the network scans to prioritize threats identified. From this, an action plan can be created with steps to remediate vulnerabilities.

For example, maintaining up-to-date patches and implementing a patch management procedure may be a valid recommendation.


Vulnerability Assessment Pricing & Frequency

Vulnerability assessment costs vary, but you can expect to pay between $2,000 – $4,000 per report.

The complexity of the network and the goals of the assessment often determine the cost of a scan.

Many security professionals consider it best practice to perform vulnerability assessments at least quarterly. However, there are several factors to consider, including compliance requirements, changes in infrastructure, and business needs.

With the growing threat landscape, it is not uncommon for organizations to adopt a continuous vulnerability management solution.

What Are The Steps In The Vulnerability Assessment Process?

Step 1: Conduct Risk Identification And Analysis

Identifying risks for each asset and the possible threats they face is a complex task.

The most important thing is to structure the process well so that nothing important slips through the cracks. Companies can accomplish this by structuring their asset registers with added columns for threats and vulnerabilities.

This way, you will have a centralized document with all the information you need. After you assign threats and vulnerabilities to your assets, you can begin the analysis phase, where you assign risks to assets by determining the impact and likelihood of each threat materializing.

Once complete, you can finally focus on prioritizing assets that have the highest risk assigned and those most critically affected by known weaknesses or vulnerabilities.
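As an added example (not the article's own tooling), the register described above can be kept as structured records with a risk score computed from impact and likelihood. The three-point rating scale, the attention threshold, and the sample assets and scores are all constructed assumptions:

```python
"""Asset register with threats, vulnerabilities and a risk score, as in Step 1.

Added example, not the article's own tooling. The three-point impact and
likelihood scale, the assets and the scores are all constructed."""
from __future__ import annotations
from dataclasses import dataclass

# Assumed rating scale; risk = impact x likelihood gives a score of 1..9.
LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass
class AssetRisk:
    asset: str
    threat: str
    vulnerability: str
    impact: str      # "low" | "medium" | "high"
    likelihood: str  # "low" | "medium" | "high"

    def __post_init__(self) -> None:
        # Reject ratings outside the agreed scale so the register stays consistent.
        for field_name in ("impact", "likelihood"):
            if getattr(self, field_name) not in LEVELS:
                raise ValueError(f"{field_name} must be one of {sorted(LEVELS)}")

    @property
    def score(self) -> int:
        return LEVELS[self.impact] * LEVELS[self.likelihood]


def prioritize(register: list[AssetRisk]) -> list[AssetRisk]:
    """Highest risk first; equal scores are ordered by impact so that a
    high-impact/medium-likelihood entry outranks medium-impact/high-likelihood."""
    return sorted(register, key=lambda r: (r.score, LEVELS[r.impact]), reverse=True)


def top_assets(register: list[AssetRisk], threshold: int = 6) -> list[str]:
    """Asset names whose risk score meets the (assumed) attention threshold."""
    return [r.asset for r in prioritize(register) if r.score >= threshold]


def as_table(register: list[AssetRisk]) -> str:
    """Render the register as the centralized document the article describes."""
    header = f"{'asset':<14}{'threat':<28}{'vulnerability':<26}{'imp':<8}{'lik':<8}risk"
    rows = [
        f"{r.asset:<14}{r.threat:<28}{r.vulnerability:<26}{r.impact:<8}{r.likelihood:<8}{r.score}"
        for r in prioritize(register)
    ]
    return "\n".join([header, *rows])


# Constructed sample register.
REGISTER = [
    AssetRisk("db-prod-01", "SQL injection via web tier", "unpatched ORM library", "high", "medium"),
    AssetRisk("hr-laptop-17", "lost or stolen device", "disk not encrypted", "medium", "medium"),
    AssetRisk("print-server", "lateral movement", "default admin password", "medium", "high"),
    AssetRisk("vpn-gw", "credential stuffing", "no MFA on VPN portal", "high", "high"),
]

if __name__ == "__main__":
    print(as_table(REGISTER))
```

Running the block prints the register sorted by risk, with the VPN gateway (score 9) on top; the tie-break on impact is what keeps a high-impact database above a medium-impact print server when both score 6.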

Step 2: Vulnerability Scanning Policies and Procedures

To have a structured and successful scanning methodology, policies and procedures must exist so that there is a predetermined course of action. This covers all aspects of vulnerability scanning.

For starters, the policy or procedure should have an official owner who is responsible for everything that is written inside.


The policy should also be approved by upper management before taking effect. Defining the frequency of scanning is also important for compliance.

From a technical perspective, everything regarding the vulnerability scan configuration and functionality should be emphasized and written down. 

The document should also include steps to be taken after the scan is complete.

The most important factors are the types of scans that will be conducted, the ways the scans will be performed, software solutions used, which vulnerabilities take precedence over others, and steps that need to be taken after the scan is complete.

Step 3: Identify The Types Of Vulnerability Scans

Vulnerability scanning is a process where vulnerability scanning software is used to identify security weaknesses in information systems.

Vulnerability scanning can be performed by network administrators, information security analysts and all technical IT staff that are trained and assigned the function of conducting a vulnerability scan.

Most malicious hackers attempt to map a network by scanning the systems and trying to find possible vulnerabilities to gain unauthorized access to information systems. If the malicious hackers you are trying to defend against use vulnerability scanning techniques, you have no choice but to employ them as well in order to stay ahead of their game.

Depending on the software that is running on the system you need to scan and secure, you need to determine the type of scan to be performed in order to get the most benefits.

The most common types of vulnerability scans include:

Network Vulnerability Scans

The most common type of vulnerability scan is a network-based scan.

This scan includes networks, their communication channels, and the networking equipment used in an environment.

Some of the major software and hardware devices that are in the scope of a network scan are hubs, switches, routers, firewalls, clusters, and servers.

A network scan will detect and classify all vulnerabilities that it finds on these devices.

Host Based Vulnerability Scans

A host-based scan is often mistaken for a network scan.

In fact, host-based scans address vulnerabilities related to hosts on the network, including computers, laptops, and servers.

More specifically, this scan investigates:

  • The host configuration.
  • Its user directories.
  • File systems.
  • Memory settings.
  • Other information that can be found on a host.

This scan focuses more on the endpoints and their internal system setup and functionality.

The importance of a host-based scan is also often overlooked.

If neglected, misconfigurations and dormant vulnerabilities that lie in endpoints can mean disaster for your company if a malicious hacker manages to penetrate past your perimeter.

If host-based scans are neglected, malicious actors can move laterally through the network with far more ease.

Application Based Vulnerability Scans

An application vulnerability scan is often forgotten, overshadowed by the application penetration test.

Nevertheless, if you are not conducting an application penetration test, scanning your applications for vulnerabilities should be very high on your priority list.

By choosing from a variety of application vulnerability scanning tools, you can automate your security tasks and increase the security of your applications.

There is a variety of tools, both open-source and commercial, that you can use to conduct a true application vulnerability scan.

Wireless Based Vulnerability Scans

To conduct a successful wireless vulnerability scan you need to know all the wireless devices that are in your network.

Additionally, you need to map out the attributes for each device to know how to properly configure the scan.

The next step is to identify any rogue access points that might be in your network and isolate those unknown devices.

It is important to remove these devices from your network as they might be listening in on your wireless traffic.

After all of the above, you can start testing your wireless access points and your wireless LAN infrastructure.

Step 4: Configure The Scan

Even though there are many vulnerability scanning vendors to choose from, the configuration of any scan follows the same general approach.

This is done by identifying general objectives and the type of system you want to scan.

To configure a vulnerability scan you must:

  • Add A List Of Target IPs – The IP addresses where the target systems are hosted need to be entered into the vulnerability scanning software in order for a scan to be performed.
  • Define The Port Range And Protocols – After adding the target IPs, it is important to specify the port range you want to scan and which protocol you wish to use in the process.
  • Define The Targets – In this step, you need to specify whether your target IPs are databases, Windows servers, applications, wireless devices, etc. By making your scan more specific, you will get more accurate results.
  • Set Up The Aggressiveness Of The Scan, Timing And Notifications – How aggressive your scan is can affect the performance of the devices you are going to scan. To avoid any downtime on the target systems, it is recommended to schedule the scan for a certain time, usually outside business hours. Additionally, you can set up a notification for when the scan is complete.
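The four configuration items above can be captured and validated before a scan is saved. The following is an added example, not the article's or any scanner vendor's own format: the configuration keys, the mapping of aggressiveness to a concurrency level, the business-hours window, and the sample targets are all assumptions.

```python
"""Build and validate a vendor-neutral scan configuration covering the
items in Step 4: targets, port range and protocols, target type, and
aggressiveness, start time and notification.

Added example, not the article's or any scanner's own format. The
configuration keys, the concurrency mapping for aggressiveness and the
business-hours window are assumptions."""
from __future__ import annotations
import ipaddress
from datetime import time

# Target types taken from the article's list, normalized to identifiers.
TARGET_TYPES = {"database", "windows_server", "application", "wireless"}
PROTOCOLS = {"tcp", "udp"}
# Assumed: aggressiveness maps to how many hosts are probed concurrently.
AGGRESSIVENESS = {"low": 2, "medium": 8, "high": 32}
# Assumed business hours; the article recommends scanning outside them.
BUSINESS_HOURS = (time(8, 0), time(18, 0))


def parse_targets(entries: list[str]) -> list[str]:
    """Accept single IPs or CIDR blocks; anything else raises ValueError."""
    return [str(ipaddress.ip_network(e.strip(), strict=False)) for e in entries]


def parse_ports(spec: str) -> list[tuple[int, int]]:
    """'22,80,443,8000-8100' -> [(22, 22), (80, 80), (443, 443), (8000, 8100)]."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if not 1 <= lo_i <= hi_i <= 65535:
            raise ValueError(f"invalid port range: {part!r}")
        ranges.append((lo_i, hi_i))
    return ranges


def outside_business_hours(start: str) -> bool:
    """start is 'HH:MM'; True when it falls outside the assumed window."""
    t = time.fromisoformat(start)
    open_, close = BUSINESS_HOURS
    return not open_ <= t < close


def build_scan_config(targets: list[str], ports: str, protocols: list[str], target_type: str,
                      aggressiveness: str, start: str, notify_email: str | None = None) -> dict:
    """Validate every field and return the normalized configuration plus any warnings."""
    protos = {p.lower() for p in protocols}
    if not protos or not protos <= PROTOCOLS:
        raise ValueError(f"protocols must be a non-empty subset of {sorted(PROTOCOLS)}")
    if target_type not in TARGET_TYPES:
        raise ValueError(f"target_type must be one of {sorted(TARGET_TYPES)}")
    if aggressiveness not in AGGRESSIVENESS:
        raise ValueError(f"aggressiveness must be one of {sorted(AGGRESSIVENESS)}")
    nets = parse_targets(targets)
    warnings = []
    if not outside_business_hours(start):
        warnings.append("start time falls within business hours; schedule after hours to avoid downtime")
    if aggressiveness == "high":
        warnings.append("high aggressiveness can degrade the performance of the scanned devices")
    return {
        "targets": nets,
        "address_count": sum(ipaddress.ip_network(n).num_addresses for n in nets),
        "ports": parse_ports(ports),
        "protocols": sorted(protos),
        "target_type": target_type,
        "concurrency": AGGRESSIVENESS[aggressiveness],
        "start_time": time.fromisoformat(start).isoformat(timespec="minutes"),
        "notify": notify_email,
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Constructed sample: a /28 plus one host, scanned after hours.
    cfg = build_scan_config(["10.0.1.0/28", "10.0.2.5"], "22,80,443,8000-8100", ["TCP"],
                            "windows_server", "medium", "23:00", "secops@example.com")
    print(cfg)
```

Malformed targets, ports or protocols are rejected outright, while scheduling inside business hours and high aggressiveness are surfaced as warnings rather than errors, since the article presents them as recommendations.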

Step 5: Perform The Scan

After determining the type of scan you want to conduct, and after setting up the configuration of the scan, you can save the configuration and run it as desired.

Depending on the size of the target set and the intrusiveness of the scan, it can take minutes to hours for it to complete.

Each vulnerability scan can be divided into three phases:

  1. Scanning
  2. Enumeration
  3. Vulnerability Detection

In the scanning phase, the tool you are using will fingerprint the specified targets to gather basic information about them.

With this information, the tool will proceed to enumerate the targets and gather more detailed specifications such as ports and services that are up and running.

Finally, after determining the service versions and configuration of each target IP, the network vulnerability scanning tool will proceed to map out vulnerabilities in the targets, if any are present.
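The detection phase described above is essentially a comparison of each enumerated service version against a catalog of affected version ranges. The following added example (not the article's own tool) shows that matching on constructed enumeration output; the product names, versions and VULN-xxxx identifiers are placeholders, not real vulnerability IDs.

```python
"""Detection phase of a scan: match enumerated service versions against a
vulnerability catalog using version-range comparison (Step 5).

Added example, not the article's own tool. The product names, versions and
VULN-xxxx identifiers are constructed placeholders, not real CVEs."""
from __future__ import annotations
from dataclasses import dataclass


def version_key(version: str) -> tuple[int, ...]:
    """'2.4.10' -> (2, 4, 10); '8.4p1' -> (8, 4). Numeric comparison avoids
    the string-comparison trap where '2.4.10' would sort before '2.4.9'."""
    key = []
    for component in version.split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        key.append(int(digits) if digits else 0)
    return tuple(key)


@dataclass(frozen=True)
class Service:
    """One row produced by the enumeration phase."""
    host: str
    port: int
    proto: str
    product: str
    version: str


@dataclass(frozen=True)
class CatalogEntry:
    ident: str
    product: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive)
    severity: str
    summary: str


def affected(entry: CatalogEntry, version: str) -> bool:
    v = version_key(version)
    return version_key(entry.introduced) <= v < version_key(entry.fixed)


def detect(services: list[Service], catalog: list[CatalogEntry]) -> list[dict]:
    """Map each service to every catalog entry whose affected range contains its version."""
    findings = []
    for s in services:
        for e in catalog:
            if e.product == s.product and affected(e, s.version):
                findings.append({
                    "host": s.host, "port": s.port, "product": s.product,
                    "version": s.version, "id": e.ident, "severity": e.severity,
                    "fixed_in": e.fixed, "summary": e.summary,
                })
    return findings


# Constructed catalog with placeholder identifiers.
CATALOG = [
    CatalogEntry("VULN-0001", "exampled", "2.0", "2.4.7", "critical", "remote code execution in request parser"),
    CatalogEntry("VULN-0002", "exampled", "2.4.0", "2.4.9", "medium", "information disclosure on status page"),
    CatalogEntry("VULN-0003", "sshsrv", "0", "8.2", "high", "authentication bypass"),
]

# Constructed output of the enumeration phase.
ENUMERATED = [
    Service("10.0.1.4", 443, "tcp", "exampled", "2.4.8"),
    Service("10.0.1.4", 22, "tcp", "sshsrv", "8.4p1"),
    Service("10.0.1.9", 8080, "tcp", "exampled", "2.3.1"),
]

if __name__ == "__main__":
    for f in detect(ENUMERATED, CATALOG):
        print(f"{f['host']}:{f['port']} {f['product']} {f['version']} -> "
              f"{f['id']} ({f['severity']}), fixed in {f['fixed_in']}")
```

Note that the SSH-like service on version 8.4p1 is correctly reported as unaffected: the fix shipped in 8.2, and the numeric key ignores the non-numeric suffix instead of mis-comparing it.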

Step 6: Evaluate And Consider Possible Risks

Risks associated with performing a vulnerability scan pertain mostly to the availability of the target system.

If the links and connections cannot handle the traffic load generated by the scan, the remote target can shut down and become unavailable.

When performing a scan on critical systems and production systems, extra caution should be exercised, and the scan should be performed after hours when the traffic to the target is minimal, in order to avoid overload.

Step 7: Interpret The Scan Results

Having qualified staff members configure, perform and analyze the results of a vulnerability scan is essential.

Knowledge of the scanned system is also important in order to properly prioritize remediation efforts. 

Even though each vulnerability scanning tool will prioritize vulnerabilities automatically, certain types of vulnerabilities should be given priority.

For example, remote code execution vulnerabilities should take precedence over possible DDoS and encryption vulnerabilities.

It’s important to consider the likelihood and the effort needed in order for a hacker to exploit the found vulnerability.

If there is a public exploit available for a vulnerability that you found in your system, that vulnerability should take precedence over others that are exploitable only with far more effort.

Step 8: Create A Remediation Process And Mitigation Plan

After interpreting the results, information security staff should prioritize the mitigation of each vulnerability detected and work with IT staff in order to communicate mitigation actions.

Information security staff and IT staff need to communicate and work closely together in the vulnerability mitigation phase in order to make the process successful and fast.

Numerous follow-up scans are usually performed during the back and forth problem-solving between teams until all vulnerabilities that need to be mitigated no longer appear in the reports.
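The prioritization rules from Step 7 (remote code execution first, public exploits ahead of high-effort ones) and the follow-up comparison from Step 8 (which findings were remediated, which persist, which are new) can be expressed as a small piece of tracking logic. This is an added example, not the article's own process: the category weights, the effort scale, the finding records and the VULN-xxxx identifiers are constructed placeholders.

```python
"""Prioritize scan findings (Step 7) and compare a follow-up scan with the
previous one to track remediation (Step 8).

Added example, not the article's own process. The category weights, the
effort scale, the finding records and the VULN-xxxx identifiers are all
constructed placeholders, not real vulnerability IDs."""
from __future__ import annotations

# Assumed ranking that follows the article: remote code execution first,
# denial of service and encryption weaknesses last.
CATEGORY_WEIGHT = {
    "rce": 100,
    "auth_bypass": 80,
    "privilege_escalation": 70,
    "info_disclosure": 40,
    "dos": 20,
    "weak_crypto": 20,
}
# Assumed: the effort an attacker needs; harder exploitation lowers the priority.
EFFORT_PENALTY = {"low": 0, "medium": 15, "high": 30}
# Assumed: a public exploit outweighs the effort penalty of any category.
PUBLIC_EXPLOIT_BONUS = 50


def priority(f: dict) -> int:
    score = CATEGORY_WEIGHT[f["category"]] - EFFORT_PENALTY[f["effort"]]
    if f.get("public_exploit"):
        score += PUBLIC_EXPLOIT_BONUS
    return score


def prioritize(findings: list[dict]) -> list[dict]:
    """Highest priority first; ties go to the more severe category."""
    return sorted(findings, key=lambda f: (priority(f), CATEGORY_WEIGHT[f["category"]]), reverse=True)


def finding_key(f: dict) -> tuple[str, int, str]:
    """A finding is the same finding across scans when host, port and id match."""
    return (f["host"], f["port"], f["id"])


def compare_reports(previous: list[dict], followup: list[dict]) -> dict[str, list]:
    prev = {finding_key(f) for f in previous}
    cur = {finding_key(f) for f in followup}
    return {
        "remediated": sorted(prev - cur),
        "persisting": sorted(prev & cur),
        "new": sorted(cur - prev),
    }


def remediation_complete(previous: list[dict], followup: list[dict]) -> bool:
    """True when no finding from the previous report still appears."""
    return not compare_reports(previous, followup)["persisting"]


def finding(host: str, port: int, ident: str, category: str, effort: str,
            public_exploit: bool = False) -> dict:
    return {"host": host, "port": port, "id": ident, "category": category,
            "effort": effort, "public_exploit": public_exploit}


# Constructed first scan.
SCAN_1 = [
    finding("10.0.1.4", 443, "VULN-0002", "info_disclosure", "low"),
    finding("10.0.1.9", 8080, "VULN-0001", "rce", "medium", public_exploit=True),
    finding("10.0.1.4", 443, "VULN-0004", "weak_crypto", "high"),
    finding("10.0.1.12", 80, "VULN-0005", "dos", "low", public_exploit=True),
    finding("10.0.1.7", 445, "VULN-0006", "rce", "high"),
]
# Constructed follow-up scan after the first round of remediation.
SCAN_2 = [
    finding("10.0.1.4", 443, "VULN-0002", "info_disclosure", "low"),
    finding("10.0.1.7", 445, "VULN-0006", "rce", "high"),
    finding("10.0.1.4", 22, "VULN-0007", "auth_bypass", "medium"),
]

if __name__ == "__main__":
    for f in prioritize(SCAN_1):
        print(f"{priority(f):>4}  {f['id']}  {f['host']}:{f['port']}  {f['category']}")
    print(compare_reports(SCAN_1, SCAN_2))
```

In the sample, the RCE with a public exploit lands first, the high-effort RCE outranks the low-effort DoS that shares its score, and the follow-up comparison shows three findings closed, two still open and one new one to feed back into the next round.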

Conclusion

A vulnerability assessment is a complex process that is always ongoing.

Due to constant changes in technology and the increasing number of successful attacks launched against all major companies, these assessments have become the backbone of a successful defense of any information system.

It is a process that is heavily based on previously determined assets and their assigned risk due to the need to prioritize security issues to deflect the most damage that could arise from a successful cyber-attack.

The benefits associated with performing regular vulnerability assessments are enormous. 

From serving as an aid in the process of system hardening to being an integral requirement of most compliance standards, vulnerability assessments also allow you to maintain a good security posture and contribute to the success of your company’s cyber security program.

Vulnerability scanning tools allow you to build your own configurations and run scans on a vast number of different devices.

This gives your business the ability to assess its infrastructure in a sound and complete way, covering all fronts, for network, host, wireless and application-level vulnerabilities.

Article by

Strahinja Stankovic, ECSA
Strahinja is a Senior Information Security Analyst with 7 years of professional experience in cyber security. His primary focus is on security event monitoring, analysis and incident response.
