1
00:00:00,610 --> 00:00:08,140
Vulnerability assessment is a process of defining, identifying and classifying the security holes in

2
00:00:08,140 --> 00:00:08,980
IT systems.

3
00:00:10,210 --> 00:00:12,640
An attacker can exploit a vulnerability,

4
00:00:13,060 --> 00:00:20,350
the name of a particular security hole, to violate the security of a system. Now,

5
00:00:21,860 --> 00:00:29,690
some known vulnerability types are authentication, authorisation and input validation vulnerabilities.

6
00:00:31,150 --> 00:00:37,540
And the main difference between the vulnerability assessment and the penetration test is that you do

7
00:00:37,540 --> 00:00:42,520
not go beyond finding the vulnerabilities in a vulnerability assessment process.

8
00:00:42,940 --> 00:00:47,610
You don't try to gain access or maintain the access you gained in all that.

9
00:00:47,890 --> 00:00:56,410
So you won't be sure whether or not the finding really exists or, very important, if it's a false positive.

10
00:00:58,270 --> 00:01:04,390
Now, you may find some explanations where vulnerability scanning and vulnerability assessment are used

11
00:01:04,390 --> 00:01:05,380
for the same reason.

12
00:01:06,360 --> 00:01:12,570
However, as you know now, vulnerability assessment is a process that covers the vulnerability scanning.

13
00:01:13,440 --> 00:01:17,700
A vulnerability assessment basically consists of the following steps.

14
00:01:19,030 --> 00:01:22,930
Identify assets and build an asset inventory.

15
00:01:23,950 --> 00:01:25,420
Do you know what the asset is?

16
00:01:25,750 --> 00:01:26,290
No worries.

17
00:01:26,680 --> 00:01:28,000
Just wait for the next slide.

18
00:01:28,840 --> 00:01:30,880
Be patient, my young apprentice.

19
00:01:32,560 --> 00:01:38,560
Categorize assets into groups. Scan assets for known vulnerabilities.

20
00:01:39,430 --> 00:01:41,020
Rank the risks.

21
00:01:42,080 --> 00:01:44,360
Manage the remediation process.

22
00:01:45,360 --> 00:01:49,980
And perform follow-up remediation scans to be sure that they're gone.

23
00:01:51,730 --> 00:01:55,750
There are tons of systems and services in an IT network.

24
00:01:56,440 --> 00:02:00,160
You should scan all the hosts and services of your IT system.

25
00:02:01,200 --> 00:02:08,790
Manual scan is, well, almost impossible in practice, so thankfully we have vulnerability scanners

26
00:02:08,790 --> 00:02:15,330
or vulnerability assessment tools which help you to follow the other steps of the assessment.

27
00:02:16,970 --> 00:02:23,930
Qualys, Nessus and Nexpose are three of the most popular vulnerability scanners.

28
00:02:24,910 --> 00:02:28,870
These are commercial tools, although they have a free community edition.

29
00:02:29,980 --> 00:02:34,090
You will have to pay to use all of the functionalities of the tools.

30
00:02:35,540 --> 00:02:43,310
OpenVAS, Open Vulnerability Assessment System, is a free and open source tool supported by a pretty good

31
00:02:43,310 --> 00:02:43,820
community.