Vulnerability Analysis
Vulnerability Analysis
Vulnerability Analysis
Index:
1. What is Vulnerability? 2
2. Vulnerability research 2
3. Resources for vulnerability research 2
4. Vulnerability Assessment 2
5. Vulnerability scoring system and databases 2-3
6. Using Armitage 3-6
7. Vulnerability management life cycle 6
8. Vulnerability Assessment Phase 7
9. Post Assessment Phase 7
10. Types of Vulnerability Assessment 7
11. Vulnerability Assessment tools 8
12. Perform Vulnerability Research in Common Weakness Enumeration (CWE) 8-9
13. Perform Vulnerability Research in Common Vulnerability Exposures (CVE) 9-10
14. Perform Vulnerability Research in National Vulnerability Database (NVD) 11-12
15. Perform Vulnerability Analysis using Nessus 12-15
2|Page
What is Vulnerability?
In cybersecurity and ethical hacking, a vulnerability is a flaw or weakness in software, hardware, or
processes that attackers can exploit to gain unauthorized access, disrupt operations, or steal data.
Identifying and addressing these vulnerabilities helps organizations protect systems from threats and
prevent potential security breaches.
Vulnerability research:
In cybersecurity and ethical hacking, vulnerability research is the process of identifying, analyzing,
and documenting flaws or weaknesses in software, hardware, networks, or protocols. Researchers
use various tools and techniques to discover new vulnerabilities, assess their impact, and report
them responsibly to vendors or organizations to improve security.
Vulnerability assessment:
Vulnerability assessment is the process of identifying, analyzing, and prioritizing security weaknesses
in systems, networks, or applications. It involves scanning for known vulnerabilities, assessing their
potential impact, and providing recommendations for mitigation. This proactive approach helps
organizations strengthen defenses and reduce the risk of exploitation by attackers.
Using Armitage:
Connect it to the local host:
4|Page
5|Page
6|Page
Here are some of the most famous and widely used vulnerability assessment tools:
Nessus
OpenVAS
QualysGuard
Burp Suite
Rapid7 Nexpose
Acunetix