What is Vulnerability Assessment?



Vulnerability assessment is a process for evaluating the security risks in a software system in order to reduce the probability of a threat. It is also called Vulnerability Testing.

A vulnerability is any mistake or weakness in the system's security procedures, design, implementation or internal controls that may result in a violation of the system's security policy.

The purpose of Vulnerability Assessment is to reduce the possibility of intruders (hackers) gaining unauthorized access. Vulnerability Analysis depends upon two mechanisms, namely Vulnerability Assessment and Penetration Testing (VAPT).

1. Vulnerability assessment is important for the security of the organization.

2. It is the process of locating and reporting vulnerabilities, which provides a way to detect and resolve security problems by ranking the vulnerabilities before someone or something can exploit them.

3. In this process, operating systems, application software and the network are scanned in order to identify the occurrence of vulnerabilities, which include inappropriate software design, insecure authentication, etc.

Advantages of Vulnerability Assessment

  • Open Source tools are available.
  • Identifies almost all vulnerabilities.
  • Automated for scanning.
  • Easy to run on a regular basis.

Disadvantages of Vulnerability Assessment

  • High false positive rate.
  • Can easily be detected by an Intrusion Detection System or firewall.
  • Often fails to notice the latest vulnerabilities.
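
An added example (not from the original article) of the ranking step described above, applied to a scan that is run on a regular basis: it drops analyst-confirmed false positives and duplicate reports, ranks what remains, and lists what is new or resolved since the previous run. The severity scale, host names, check names and the triage function are assumptions made for this illustration.

```python
from dataclasses import dataclass

SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1}  # assumed scale; not defined by the article

@dataclass(frozen=True)
class Finding:
    host: str
    layer: str     # "os", "application" or "network" (the three scan targets)
    check: str     # scanner check name (constructed for this example)
    severity: str
    @property
    def key(self):
        return (self.host, self.layer, self.check)

def triage(previous, current, false_positives):
    """Return (ranked, new, resolved); ranked is most severe first."""
    prev_keys = {f.key for f in previous}
    seen, real = set(), []
    for f in current:
        if f.key in false_positives or f.key in seen:
            continue  # analyst-confirmed false positive, or a duplicate report
        seen.add(f.key)
        real.append(f)
    ranked = sorted(real, key=lambda f: (-SEVERITY[f.severity], f.host, f.check))
    new = [f for f in ranked if f.key not in prev_keys]
    resolved = sorted(prev_keys - {f.key for f in current})
    return ranked, new, resolved

# Constructed sample data: two weekly scan runs and one confirmed false positive.
LAST_WEEK = [
    Finding("web01", "os", "outdated-kernel-package", "high"),
    Finding("web01", "application", "default-admin-password", "critical"),
    Finding("db01", "network", "telnet-service-exposed", "medium"),
]
THIS_WEEK = [
    Finding("web01", "os", "outdated-kernel-package", "high"),
    Finding("db01", "network", "telnet-service-exposed", "medium"),
    Finding("db01", "network", "telnet-service-exposed", "medium"),  # duplicate
    Finding("app01", "application", "login-without-lockout", "high"),
    Finding("app01", "os", "weak-file-permissions", "low"),
    Finding("db01", "application", "sql-error-banner", "critical"),
]
FALSE_POSITIVES = {("db01", "application", "sql-error-banner")}

if __name__ == "__main__":
    ranked, new, resolved = triage(LAST_WEEK, THIS_WEEK, FALSE_POSITIVES)
    for f in ranked:
        print(f.severity, f.layer, f.host, f.check, "NEW" if f in new else "open")
    print("resolved since last run:", resolved)
```

The false-positive set is maintained by whoever verifies findings by hand; without it, the "critical" entry on db01 would sit at the top of every report.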

Vulnerability Testing Methods

Active Testing
  • In Active Testing, a tester introduces new test data and analyzes the results.
  • During the testing process, the testers create a mental model of the process, which grows further during the interaction with the software under test.
  • While doing the test, the tester is actively involved in finding new test cases and new ideas. That's why it is called Active Testing.
Passive Testing
  • Passive Testing is monitoring the result of running the software under test without introducing new test cases or data.

Network Testing

  • Network Testing is the process of measuring and recording the current state of network operation over a period of time.
  • Testing is mainly done to predict how the network operates under load or to find problems created by new services.
  • We need to test the following network characteristics:
      • Utilization levels
      • Number of users
      • Application utilization
Distributed Testing
  • Distributed Tests are applied for testing distributed applications, that is, applications that work with multiple clients simultaneously. Basically, testing a distributed application means testing its client and server parts separately, but by using a distributed testing method, we can test them all together.
  • The test parts will interact with each other during the Test Run. This makes them synchronized in an appropriate manner. Synchronization is one of the most crucial points in distributed testing.
