Vulnerability Assessment

Github logo Edit on GitHub
Perform continuous cycles of identifying, classifying, prioritizing, remediating, and mitigating of software vulnerabilities of the implemented code and third-party components.

Why

Vulnerability assessment helps to classify and narrow down the most threatening security vulnerabilities and quickly patch the worst flaws before they lead to a breach.

How

  1. Identify the Vulnerability: Identify a list of application vulnerabilities. Test the security health of the application, servers (e.g., Web, Application, DB) and other systems using tools or manually. Consider vulnerabilities in databases, vendor vulnerability announcements, and threat intelligence feed in the process.

  2. Analyze the Vulnerability: Identify the root cause of the vulnerability, which provides a clear path for remediation. E.g. Using an old version of a library.

  3. Assess the Risk: Prioritize the vulnerability by assigning a rank or severity score based on the following factors:

    • Affected systems
    • Affected data
    • Which business functions are at risk
    • Ease of attack or compromise
    • The severity of an attack
    • Potential damage

  4. Remediate: Close the identified security gaps. Involve security staff, development team, and operations team. Remediation steps may include:

    • Introduction of new security procedures, measures, or tools.
    • Updating operational or configuration changes.
    • Development and implementation of a vulnerability patch.

References

Previous
Team Onboarding & Learning Plan
Next
Optimize