Vulnerability Assessment

1. What is Vulnerability Assessment?

Vulnerability assessment can be defined as an in-depth evaluation of the vulnerabilities in an environment. It helps determine the risks involved and the mitigation measures to take against them. Vulnerability assessments are carried out in information technology, energy supply, water supply, transportation and communications systems.

2. What are the benefits of Vulnerability Assessment?

2.1 Helps Prevent Content Piracy:

Many organizations perform a vulnerability assessment on a timely basis in order to protect their organizational data against hackers and viruses. A vulnerability assessment helps the organization find ways to safeguard its data and avoid piracy.

2.2 Proactive approach to problems:

A hacker gains access to organizational data through weak points in a company's security. A proactive approach helps to identify potential security risks and take appropriate measures to prevent hackers from entering the system.

2.3 Delivers immediate and long term advantages:

Since vulnerability assessment secures your data, you can enjoy long-term success in your business.

3. Different Vulnerability Analysis Tools

3.1 Basic Fuzzing Framework (BFF):

BFF is a mutational file fuzz testing tool that consists of a Debian Linux virtual machine, the zzuf fuzzer, and a few associated scripts. A Mac OS X version is also available.

3.2 Failure Observation Engine (FOE):

FOE is a mutational file-based fuzz testing tool for finding defects in applications that run on the Windows platform.

3.3 CERT Triage Tools:

CERT Triage Tools consist of a triage script and a GNU Debugger (GDB) extension named ‘exploitable’ that classify Linux application defects by severity. We originally developed the CERT Triage Tools in order to assist software vendors and analysts in identifying the impact of defects discovered through techniques such as fuzz testing. As of May 2014, the CERT Triage Tools project has been transitioned to the GDB ‘exploitable’ plugin project on GitHub.

3.4 CERT Tapioca

CERT Tapioca is a virtual machine appliance (OVA) for performing man-in-the-middle network traffic analysis of software and devices.

3.5 Dranzer

Dranzer helps in determining vulnerabilities in Microsoft Windows ActiveX Controls.

4. Vulnerability Analysis Steps:

The three phases of testing are:

The security manager gives a network range and the VA determines the IP addresses in use. This phase includes tools such as ping.

The VA checks which applications and services are running on these systems, and makes a note of their configurations.

The tool conducts a series of tests to find out if the system is susceptible to a bug or threat. Smart products iterate between phases two and three, using the information to launch additional tests.
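
The hand-off between the three phases can be shown with scan output. This is an added example, not code from the original page: it reads results in Nmap's XML output format (Nmap is named in section 5.1) and derives the phase-three test list from the phase-one and phase-two findings. The sample scan data and the test labels in CHECKS are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format (-oX). Addresses are from
# the 192.0.2.0/24 documentation range, not real hosts.
SAMPLE_XML = """<nmaprun>
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
  <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
  <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
 </ports></host>
 <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
 <host><status state="up"/><address addr="192.0.2.12" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd"/></port>
 </ports></host>
</nmaprun>"""

# Hypothetical mapping from a detected service to phase-three test labels.
CHECKS = {
    "ssh": ["ssh-algorithm-review"],
    "https": ["tls-configuration-review", "web-server-banner-review"],
    "ftp": ["cleartext-protocol-review"],
}

def live_hosts(root):
    """Phase 1: keep only the hosts the scan reported as up."""
    return [h for h in root.iter("host") if h.find("status[@state='up']") is not None]

def open_services(host):
    """Phase 2: (port, service name, product/version banner) for each open port."""
    found = []
    for port in host.iter("port"):
        if port.find("state[@state='open']") is None:
            continue  # closed and filtered ports are not tested further
        svc = port.find("service")
        attrs = svc.attrib if svc is not None else {}
        banner = " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v)
        found.append((int(port.get("portid")), attrs.get("name", "unknown"), banner))
    return found

def build_test_plan(xml_text):
    """Phase 3 input: per live host, the tests selected from phase-two findings."""
    plan = {}
    for host in live_hosts(ET.fromstring(xml_text)):
        services = open_services(host)
        tests = sorted({t for _, name, _ in services for t in CHECKS.get(name, ["manual-review"])})
        plan[host.find("address").get("addr")] = {"services": services, "tests": tests}
    return plan

if __name__ == "__main__":
    print(build_test_plan(SAMPLE_XML))
```

Services with no entry in CHECKS fall back to a manual-review label, so an unrecognised service is still recorded for follow-up rather than silently skipped.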

5. Approach to Vulnerability Assessment:

5.1 External:

Use vulnerability assessment tools such as Nmap, Sam Spade, etc. to gain as much information about the target system as possible.

Perform war dialing on all phone numbers and do penetration testing if targets are found.

If you can get the operating system ID using Nmap, use it to set up the scanner for custom probes, and update the scanners with the latest attack signatures prior to use.

Perform scans on all targets found.

Analyze results and take corrective measures.

5.2 Internal:

Update the scanner with the latest signatures before use.

You may have to perform custom scans on selected machines that require simpler probe configurations, e.g. scanning all system administrator and technical personnel machines for backdoors or other illicit software.

Use a password cracking tool to check for weak passwords.

For further assistance, contact us at info@agniinfo.com.

© Copyright 2024 Agni Information Systems (P) Ltd.
