Vulnerability assessment is the process of identifying, quantifying and prioritizing the vulnerabilities in a computer system.
The activity involves the following phases:
- Identification of the resources (hardware and software) that make up the system;
- Identification of the vulnerabilities affecting those resources and of the risks they expose them to;
- Classification of the identified vulnerabilities by their impact on security and by the likelihood that they will be exploited;
- Identification of the countermeasures available to remove or mitigate them.
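The four phases above, carried through as a small worked example. This is an added illustration, not code from the original text: the assets, the advisory entries (identifiers of the form HYP-000n), the 1-5 impact and likelihood scales and the severity thresholds are all constructed for the example and refer to no real product or vulnerability. It also shows one detail that matters in practice: versions are compared as integer tuples, because comparing them as strings ranks "2.4.9" above "2.4.10".

```python
"""Worked example of a vulnerability assessment in four phases.

Added example with constructed data; no real products or advisories.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


# Phase 1: inventory of resources (hardware/software) in the system.
@dataclass(frozen=True)
class Asset:
    host: str
    software: str
    version: Tuple[int, ...]   # parsed version, e.g. (2, 4, 1)
    exposed: bool              # reachable from an untrusted network?


# Phase 2 input: a constructed advisory database. A real assessment would
# draw this from vendor advisories or a vulnerability feed.
@dataclass(frozen=True)
class Advisory:
    ident: str                  # hypothetical identifier, not a real CVE
    software: str
    fixed_in: Tuple[int, ...]   # versions strictly below this are affected
    impact: int                 # 1 (low) .. 5 (critical)
    likelihood: int             # 1 (rare) .. 5 (almost certain), before exposure adjustment
    countermeasure: str


def parse_version(s: str) -> Tuple[int, ...]:
    """Integer tuples compare correctly: (2,4,10) > (2,4,9), unlike the strings."""
    return tuple(int(p) for p in s.split("."))


def find_vulnerabilities(assets: List[Asset], advisories: List[Advisory]):
    """Phase 2: match each asset against advisories affecting its software."""
    findings = []
    for asset in assets:
        for adv in advisories:
            if adv.software == asset.software and asset.version < adv.fixed_in:
                findings.append((asset, adv))
    return findings


def risk_score(asset: Asset, adv: Advisory) -> int:
    """Phase 3: classify by impact and likelihood.

    Likelihood is raised one step (capped at 5) for assets reachable from an
    untrusted network; the score is impact * likelihood on a 1..25 scale.
    """
    likelihood = min(5, adv.likelihood + (1 if asset.exposed else 0))
    return adv.impact * likelihood


def severity(score: int) -> str:
    """Constructed thresholds mapping the 1..25 score to a qualitative band."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def assess(assets: List[Asset], advisories: List[Advisory]) -> List[Dict]:
    """Run phases 2-4 and return findings sorted highest risk first,
    each paired with its countermeasure."""
    rows = []
    for asset, adv in find_vulnerabilities(assets, advisories):
        score = risk_score(asset, adv)
        rows.append({
            "host": asset.host,
            "software": asset.software,
            "version": ".".join(map(str, asset.version)),
            "advisory": adv.ident,
            "score": score,
            "severity": severity(score),
            "countermeasure": adv.countermeasure,   # phase 4
        })
    rows.sort(key=lambda r: (-r["score"], r["host"]))
    return rows


# Constructed sample inventory and advisories.
ASSETS = [
    Asset("web-1", "httpd-x", parse_version("2.4.1"), exposed=True),
    Asset("db-1", "dbsrv-y", parse_version("10.2.0"), exposed=False),
    Asset("build-1", "httpd-x", parse_version("2.4.9"), exposed=False),
]
ADVISORIES = [
    Advisory("HYP-0001", "httpd-x", parse_version("2.4.5"), 5, 4,
             "upgrade to 2.4.5 or later; restrict access to VPN until patched"),
    Advisory("HYP-0002", "dbsrv-y", parse_version("10.3.0"), 4, 2,
             "upgrade to 10.3.0; disable remote administration"),
    Advisory("HYP-0003", "httpd-x", parse_version("2.4.10"), 2, 3,
             "apply vendor patch"),
]

if __name__ == "__main__":
    for r in assess(ASSETS, ADVISORIES):
        print(f'{r["severity"]:6} {r["score"]:2} {r["host"]:8} {r["software"]} '
              f'{r["version"]} {r["advisory"]}: {r["countermeasure"]}')
```

On the sample data the exposed web server's older build scores 25 (high) and tops the list, while the same advisory class on the internal build host, one step lower in likelihood, falls to the bottom; that ordering is the prioritization the assessment exists to produce.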
Vulnerability assessment can be performed by personnel within the organisation (internal staff) or by professionals outside it (a third party).
During vulnerability assessments, standard methodologies are used, such as:
- ISECOM (the OSSTMM): network systems, SCADA protocols, biometrics, strong authentication, wireless systems
- OWASP: web-based applications
The approach used is ethical hacking: the assessor probes the system with the same techniques an attacker would use, but with the owner's authorisation and within an agreed scope.