Content ITV PRO
This is Itvedant Content department
Learning Outcome
1. Explain the concept of vulnerabilities and their impact on security.
2. Differentiate between vulnerabilities, threats, and risks.
3. Understand the vulnerability assessment process.
4. Use vulnerability assessment tools to discover security weaknesses.
5. Apply ethical and legal practices during vulnerability assessments.
Broken locks
Damaged electrical wiring
Weak doors
Faulty fire alarms
Unsafe staircases
Vulnerability identification is the process of finding security weaknesses in systems, applications, and networks before attackers can exploit them.
What is CVE?
Common Vulnerabilities and Exposures (CVE) is a publicly available catalog of known security vulnerabilities.
What is CVSS?
Common Vulnerability Scoring System (CVSS) is a standard used to measure vulnerability severity.
Vulnerability description
Affected assets
Risk level
Evidence
Recommendations
Secure Configuration
Use security baselines and hardening guidelines.
Principle of Least Privilege
Provide only necessary permissions.
Continuous Monitoring
Monitor systems for vulnerabilities and threats.
Patch Management
Apply updates regularly.
Stay Within Scope
Assess only approved systems.
Protect Findings
Secure vulnerability data and reports.
Responsible Disclosure
Report vulnerabilities responsibly to affected parties.
Obtain Authorization
Always obtain written permission before assessments.
Summary
1. Vulnerabilities are weaknesses that can impact system security.
2. Vulnerability assessments help identify and prioritize security risks.
3. Tools such as Nessus, OpenVAS, Nikto, Nmap NSE
4. CVE identifies vulnerabilities, while CVSS measures their severity.
5. Vulnerability assessments must be performed ethically.
Quiz
What does CVE stand for?
A. Common Vulnerability Evaluation
B. Common Vulnerabilities and Exposures
C. Cyber Vulnerability Evaluation
D. Critical Vulnerability Enumeration
By Content ITV