0% found this document useful (0 votes)

32 views18 pages

How To VA Step-By-step

This document provides a comprehensive guide on conducting vulnerability assessments and penetration testing (VAPT) to identify and mitigate security flaws in systems. It outlines the steps involved in the vulnerability assessment process, including defining the scope, information gathering, scanning, analysis, reporting, remediation support, and re-assessment. The guide emphasizes the importance of regular assessments to enhance security posture, ensure compliance, and build trust with stakeholders.

Uploaded by

aymanix

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

32 views18 pages

How To VA Step-By-step

Uploaded by

aymanix

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 18

HOW TO DO

VULNERABILITY
Vulnerability ASSESSMENT STEP-BY-STEP

A Practical Guide to Vulnerability Assessment

WHAT IS VAPT

VAPT is a security testing process that

identifies vulnerabilities in a system and
determines whether they can be exploited.

Two Components:

Vulnerability Assessment (VA): Focuses on

identifying known vulnerabilities.
Penetration Testing (PT): Simulates an
actual attack to exploit identified
vulnerabilities.

Purpose: To improve the security posture of

systems by identifying and fixing security
flaws.
TYPES OF VULNERABILITIES
Type What It Means Examples

Unpatched Windows, outdated

System/OS Flaws in the operating system.
Linux kernel
SQL Injection, Cross-Site Scripting
Application Weaknesses in app code.
(XSS)

Network Issues in network setup or services. Open ports, weak firewall rules

Default admin password, exposed

Configuration Improper security settings.
directory

Authentication Login/session-related flaws. Weak passwords, session ID reuse

Business Logic Misuse of app flow or rules. Unlimited coupon use, refund abuse

Third-party/Dependency Vulnerable external components. Log4j, outdated plugins

VULNERABILITY ASSESSMENT –
OVERVIEW
The process of identifying, classifying, and prioritizing security vulnerabilities.

Objective: To detect and highlight potential vulnerabilities before attackers can

find and use them.

Common Tools

Nessus – Popular for deep scanning

OpenVAS – Open-source vulnerability scanner

Qualys – Cloud-based scanning

Nexpose – Real-time vulnerability management

PENETRATION TESTING –
OVERVIEW
Simulated cyber-attack on a system to evaluate its security.

Goal: To ethically exploit vulnerabilities and assess how far an attacker

could go, revealing real-world security risks.

Common Types

Black Box: No prior knowledge of the system; simulates

an external attacker.

White Box: Full knowledge of internal architecture,

credentials, and code.

Gray Box: Limited information, like an insider or an

attacker with some access.
WHY IS VULNERABILITY
ASSESSMENT IMPORTANT?

Fix weaknesses before

Prevent Breaches
attackers exploit them.

Meet standards like ISO

Stay Compliant
27001, PCI DSS, HIPAA.

Detect misconfigurations
Find Hidden Risks
and outdated systems.

Show customers &

Build Trust stakeholders you prioritize
security.
VULNERABILITY
ASSESSMENT PROCESS
04
03 Vulnerability 05
Analysis
Vulnerability
Reporting
Scanning

02 06

Information Remediation
Gathering 7 Support

Steps of
Vulnerability
01 Assessment 07
Process
Define Re-
Scope assessment
STEP 1 – DEFINE THE SCOPE
Objective: Understand what you’re assessing.

What to Do:

Identify the assets you want to assess – servers, websites, applications,

cloud services, internal networks, etc.
Decide on scope boundaries: Which systems are in scope and which are
out of scope?
Get permissions: Always take written approval before scanning or testing.
Unauthorized scanning can disrupt services or violate policies.
Clarify goals: Are you doing this for compliance, security hardening, or
both?

Scanning 10 internal IPs and a public web app

No testing on production database

STEP 2 – INFORMATION GATHERING
Objective: Learn about the systems before testing.

What to Do:
Use passive methods: WHOIS lookup, Shodan, Google Dorking, Netcraft
Use active methods: Nmap or Masscan to detect open ports, running
services, and OS info
Identify:
Software versions
Open ports & services (e.g., SSH, FTP, HTTP)
Technologies used (e.g., Apache, WordPress, Linux)

Why It Matters:

The more you know about the target, the more accurate your scan will be.

Nmap, Netdiscover, WhatWeb, BuiltWith

STEP 3 – VULNERABILITY SCANNING
Objective: Use tools to find known weaknesses.

What to Do:

Run an automated scan using tools like Nessus, OpenVAS, or Qualys

Perform both:
Unauthenticated Scans: Scan like an outsider
Authenticated Scans: Scan with credentials for deeper inspection
Choose scan profiles based on the asset type (e.g., web app scan vs internal
server scan)

What You’ll Find:

Missing patches
Misconfigurations (e.g., open FTP)
Known CVEs (Common Vulnerabilities & Exposures)

Scans can slow down systems, schedule them wisely!

STEP 4 – VULNERABILITY ANALYSIS
Objective: Understand what the results mean and how serious they are.

What to Do:

Review scan results: Separate true positives from false positives

Assign risk levels: Use CVSS (Common Vulnerability Scoring System) or the
tool’s severity score
Critical (9–10)
High (7–8.9)
Medium (4–6.9)
Low (0–3.9)
Prioritize based on impact: What’s easier to exploit or causes the most
damage?

Think Like an Attacker:

Could this vulnerability allow access to sensitive data or full system control?

A public-facing login page vulnerable to SQL injection = High Risk

STEP 5 – REPORTING
Objective: Present the findings in a clear, actionable format.

What to Include:

Executive Summary: A high-level overview for non-technical stakeholders

Technical Details: Description of each vulnerability, severity, and how it was
found
Screenshots/Proof of Concept (PoC): Where applicable
Remediation Steps: Clear instructions for fixing each issue
Risk Ratings: Based on CVSS, tool-based score, or business impact

Use tables, graphs, and color codes to improve readability.

The report is the bridge between discovery and action.

STEP 6 – REMEDIATION SUPPORT
Objective: Help fix the issues found.

What to Do:

Share the report with relevant teams (IT, DevOps, App Owners)
Assist with:
Patch application
Secure configuration guides
Code changes (for application vulnerabilities)
Provide alternate controls if immediate fixes are not possible (e.g., WAF
rules)
Offer timelines based on risk levels (e.g., Critical issues in 7 days)

Assign clear ownership for each vulnerability

Some teams may not understand the urgency, make it simple!

STEP 7 – RE-ASSESSMENT
Objective: Make sure everything is actually fixed.

What to Do:

Re-scan the systems after fixes are applied

Verify each vulnerability: Has it been patched, blocked, or mitigated?
Update the report: Mark issues as “Remediated” or “Partially Fixed”
Close the loop: Confirm with stakeholders and sign off on the assessment

Why It Matters:

No vulnerability assessment is complete without verifying that fixes worked.

Always verify fixes through re-scans or manual validation.

COMMON TOOLS FOR
VULNERABILITY ASSESSMENT

Category Tools

Open Source Tools OpenVAS, Nikto, Nmap

Commercial Tools Nessus, Qualys, Burp Suite Pro, Acunetix

Cloud/Container Tools Prisma Cloud, AWS Inspector

BEST PRACTICES
Conduct regular scans
(mothly/quarterly) 01
Use authenticated
scans 02
03
Prioritize vulnerabilities via
CVSS & business impact

04
Combine with PT for
better accuracy

05
Maintain a vulnerability
management program
CONCLUSION

Vulnerability Assessment is not just a scan,

it's a security strategy.
It helps organizations proactively identify,
prioritize, and fix weaknesses before
attackers can exploit them.

Key Takeaways:

Regular assessments reduce the risk of

breaches and downtime.
It supports compliance, builds trust, and
strengthens your security posture.
A good assessment combines tools,
analysis, and collaboration.
Always follow through with remediation
and re-assessment for lasting impact.
THANK YOU
Authored by : KHUSHI MALHOTRA

WWW.MINISTRYOFSECURITY.CO

? Vulnerability Assessment
No ratings yet
? Vulnerability Assessment
2 pages
Bengali Text Classification Distinguishing Saintly and Common Forms Using Machine Learning Model
No ratings yet
Bengali Text Classification Distinguishing Saintly and Common Forms Using Machine Learning Model
7 pages
Activity 2 - Scenario-Based Vulnerability Assessment Exercise
No ratings yet
Activity 2 - Scenario-Based Vulnerability Assessment Exercise
4 pages
Vulnerability Assessment
No ratings yet
Vulnerability Assessment
3 pages
Vulnerability Assessment Using Nessus Essentials
No ratings yet
Vulnerability Assessment Using Nessus Essentials
24 pages
Vulnerability Assessment
No ratings yet
Vulnerability Assessment
4 pages
Gek106913 B
No ratings yet
Gek106913 B
4 pages
3 Vulnerability Assessment Securing Your Digital Assets
No ratings yet
3 Vulnerability Assessment Securing Your Digital Assets
11 pages
01 Vulnerability Analysis
No ratings yet
01 Vulnerability Analysis
94 pages
Pen Testing
No ratings yet
Pen Testing
65 pages
Lutech Viewer2-9 Manual FINAL 200930A
No ratings yet
Lutech Viewer2-9 Manual FINAL 200930A
19 pages
SWApp Information System
No ratings yet
SWApp Information System
27 pages
C.vulnerability Assessment
No ratings yet
C.vulnerability Assessment
7 pages
M2 T4
No ratings yet
M2 T4
12 pages
Pokémon FireRed & LeafGreen QR Codes. (USA) R3dsqrcodes
No ratings yet
Pokémon FireRed & LeafGreen QR Codes. (USA) R3dsqrcodes
1 page
Recommender Systems-Chapter 3
No ratings yet
Recommender Systems-Chapter 3
47 pages
Maltego Whitepaper Common Pitfalls To Avoid in Vulnerability Risk Assessments
No ratings yet
Maltego Whitepaper Common Pitfalls To Avoid in Vulnerability Risk Assessments
10 pages
Day2va 121130175145 Phpapp01
No ratings yet
Day2va 121130175145 Phpapp01
24 pages
PS.2024.C3.Corte1.Pruebas de Integracion.223204.GallegosBorraz
No ratings yet
PS.2024.C3.Corte1.Pruebas de Integracion.223204.GallegosBorraz
6 pages
Vulnerability Management Lifecycle Guide
No ratings yet
Vulnerability Management Lifecycle Guide
19 pages
Vulnerability Management Lifecycle
No ratings yet
Vulnerability Management Lifecycle
8 pages
CS3342 Software Design Course
No ratings yet
CS3342 Software Design Course
15 pages
Vulnerability Analysis
No ratings yet
Vulnerability Analysis
15 pages
02 Comprehensive Vulnerability Assessment and Security Scanning
No ratings yet
02 Comprehensive Vulnerability Assessment and Security Scanning
126 pages
Unit 1
No ratings yet
Unit 1
43 pages
Vulnerability Analysis
No ratings yet
Vulnerability Analysis
4 pages
VAPT Basic - 1
No ratings yet
VAPT Basic - 1
7 pages
Dffccil 2 X 25 KV Tender Document
No ratings yet
Dffccil 2 X 25 KV Tender Document
264 pages
Unit 4
No ratings yet
Unit 4
65 pages
CompTIA Security + Chapter 5
No ratings yet
CompTIA Security + Chapter 5
27 pages
Introduction To Vulnerability Checking
No ratings yet
Introduction To Vulnerability Checking
8 pages
06 Synchronization
No ratings yet
06 Synchronization
52 pages
Mathematics Exercise Solutions
No ratings yet
Mathematics Exercise Solutions
17 pages
How To Find Vulnerabilities in Website
No ratings yet
How To Find Vulnerabilities in Website
7 pages
Week 11 APP Tutorial Assignment
No ratings yet
Week 11 APP Tutorial Assignment
4 pages
Unit No. 2 Part 2 Vulnerabiltity Assessment
No ratings yet
Unit No. 2 Part 2 Vulnerabiltity Assessment
17 pages
Mse (Vapt)
No ratings yet
Mse (Vapt)
15 pages
Vulnerability Management - Cyber Security
No ratings yet
Vulnerability Management - Cyber Security
42 pages
CSD4001-Study Material-Midterm
No ratings yet
CSD4001-Study Material-Midterm
63 pages
Module 3 P
No ratings yet
Module 3 P
56 pages
Vulnerability Management
100% (1)
Vulnerability Management
12 pages
Vulnerability and Penetration Testing
No ratings yet
Vulnerability and Penetration Testing
30 pages
Techciti: Managed Services
No ratings yet
Techciti: Managed Services
6 pages
Cyber Security Interview Question
No ratings yet
Cyber Security Interview Question
4 pages
Vulnerability Testing and Server Client Side Attack
No ratings yet
Vulnerability Testing and Server Client Side Attack
34 pages
Key Concepts of Computer Studies
No ratings yet
Key Concepts of Computer Studies
253 pages
Create A Simple Vulnerability Scanning Tool That Scans A Network or Website For Common Security Vuln
No ratings yet
Create A Simple Vulnerability Scanning Tool That Scans A Network or Website For Common Security Vuln
14 pages
Vulnerability Assessment Guide
No ratings yet
Vulnerability Assessment Guide
17 pages
LPC-Link2 Schematic Guide
No ratings yet
LPC-Link2 Schematic Guide
6 pages
Skoda Amundsen MIB 2 Map Update Guide
No ratings yet
Skoda Amundsen MIB 2 Map Update Guide
12 pages
Day 3
No ratings yet
Day 3
33 pages
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
No ratings yet
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
4 pages
PTC - Interview Questions On Vulnerability Assessment 1
No ratings yet
PTC - Interview Questions On Vulnerability Assessment 1
20 pages
Lord's Piso Wifi
No ratings yet
Lord's Piso Wifi
2 pages
SECURITY - Vulnerability Assessment Service Customer Overview Presentation
No ratings yet
SECURITY - Vulnerability Assessment Service Customer Overview Presentation
8 pages
Web Application Security - Unit 4 Notes
No ratings yet
Web Application Security - Unit 4 Notes
143 pages
Vulnerability Assessment and Penetration Testing VAPT 1730885750
No ratings yet
Vulnerability Assessment and Penetration Testing VAPT 1730885750
29 pages
Vulnerability Management Guide
No ratings yet
Vulnerability Management Guide
34 pages
ISACA WP Vulnerability Assessment 1117
100% (2)
ISACA WP Vulnerability Assessment 1117
17 pages
Vulnerability Assessment & Testing Guide
No ratings yet
Vulnerability Assessment & Testing Guide
43 pages
Vulnerability Analysis Guide
No ratings yet
Vulnerability Analysis Guide
3 pages
Vulnerability Management 2
No ratings yet
Vulnerability Management 2
16 pages
Qualys Foundation
No ratings yet
Qualys Foundation
28 pages
Thesis Asset Management Client Login
100% (2)
Thesis Asset Management Client Login
4 pages
Rapid7 Vulnerability Assessment Buyers Guide
No ratings yet
Rapid7 Vulnerability Assessment Buyers Guide
17 pages
Chapter 5 Vulnerability Analysis
No ratings yet
Chapter 5 Vulnerability Analysis
25 pages
Chapter 4 - Designing A Vulnerability Management Program
No ratings yet
Chapter 4 - Designing A Vulnerability Management Program
38 pages
Unit 2 Question Answer
No ratings yet
Unit 2 Question Answer
8 pages
Industrial Temperature Transmitter Guide
No ratings yet
Industrial Temperature Transmitter Guide
3 pages
Australian/New Zealand Standard: Structural Design Actions Part 0: General Principles
0% (1)
Australian/New Zealand Standard: Structural Design Actions Part 0: General Principles
7 pages
Advanced VLSI Design Course
No ratings yet
Advanced VLSI Design Course
13 pages
What Is Vulnerability Management
No ratings yet
What Is Vulnerability Management
15 pages
ASUG Attendee List
No ratings yet
ASUG Attendee List
90 pages
VAPT: Enhancing Cybersecurity
No ratings yet
VAPT: Enhancing Cybersecurity
15 pages
Software Process Models Guide
No ratings yet
Software Process Models Guide
30 pages
Tourism MS
No ratings yet
Tourism MS
22 pages
Vulnerability Assessment and Penetration Testing
No ratings yet
Vulnerability Assessment and Penetration Testing
25 pages
Alteryx Webinar Lecture 1 - Slides PDF
100% (1)
Alteryx Webinar Lecture 1 - Slides PDF
56 pages
Aspire Archon User Manual
No ratings yet
Aspire Archon User Manual
1 page
Jatma: Year Book Order Form
No ratings yet
Jatma: Year Book Order Form
1 page
Vulnerability Assessment Best Practices
100% (1)
Vulnerability Assessment Best Practices
25 pages
Contoh Soal
No ratings yet
Contoh Soal
2 pages
Vulnerability Scanning 101 White Paper
No ratings yet
Vulnerability Scanning 101 White Paper
15 pages
Vulnerability Assessment Best Practices
No ratings yet
Vulnerability Assessment Best Practices
25 pages
Popa Tanda de Ioan Slavici
0% (1)
Popa Tanda de Ioan Slavici
26 pages
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
No ratings yet
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
3 pages