Web App Penetration Testing Tutorial

Vulnerability Assessment in Website Penetration Testing

Table of Contents

  • What is Vulnerability Assessment?
  • Test your knowledge with a quick quiz!
  • How to Find the Correct Scope?
  • Test your knowledge with a quick quiz!
  • How to find Vulnerable Parameters?
  • Intro to Vulnerability Assessment
  • It’s Quiz Time!

What is Vulnerability Assessment?

It is the process of assessing or reviewing the vulnerabilities or security weaknesses in a system. Vulnerability assessment helps in finding whether the system is prone to cyber-attacks so that the vulnerabilities discovered can be removed.

Vulnerability assessment can assist in preventing several types of threats like SQL injection, XSS, insecure settings in software or apps, privileges because of faulty mechanisms, etc. 

Test your knowledge with a quick quiz!

Out of the below, which is not a part of the Vulnerability assessment?

Select the correct answer

How to Find the Correct Scope?

In the scope of vulnerability assessment, all the assets of IT will be included that are part of the network of the organization. It will offer insights into the security state of the company and the countermeasures that can be taken to enhance this state.

There are two formats of vulnerability assessment. The first one is an external vulnerability assessment, and the second is an internal vulnerability assessment.

  • External Vulnerability Assessment

This is done in a remote way without access to internal resources. The role of this assessment is to detect and find the flaws in the systems and network, categorize those flaws according to the IT assets. For example, web apps, web servers, VPN, email servers, etc.

External vulnerability assessment will help the company to understand exactly what requires security controls, fixes, and strong cybersecurity applications. 

  • Internal Vulnerability Assessment

As the name suggests, the internal vulnerability assessment is done of the networks and systems within the organization. It will test and find the vulnerabilities in the internal networks. The categorization will be done accordingly.

Using internal vulnerability assessment, it can be found whether there is a lack of security compliances (local or global), policies, standards, procedures, etc. These will be related to information security, data privacy and security, and network security. 

Test your knowledge with a quick quiz!

What is another term used for a security weakness?

Select the correct answer

How to find Vulnerable Parameters?

Here is how you can find the vulnerable parameters in the network and system:

  • Login fuzzing

  • Open redirections

  • DoS (denial of service)

  • Detecting directory files brute force

  • Checking configurations and misconfigurations

  • Assessing session tokens

  • Testing different types of injections, like SQL, XSS, XML, etc.

  • Checking for LFI and RFI attacks

  • Flaws in business logics

  • Assessing REST and SOAP web services

Intro to Vulnerability Assessment

Intro to Vulnerability Assessment

It’s Quiz Time!

Did you find this article helpful?