search
githubEdit

422.53 Vulnerability assessment

Assess a system’s security posture by identifying, classifying, and prioritising potential weaknesses before they can be exploited.

hashtag
Overview

A vulnerability assessment is the process of systematically scanning and analysing software or systems to identify known security flaws. It helps developers and organisations understand which parts of their system may be at risk and how urgently those risks should be addressed.

Unlike penetration testing, which attempts to exploit vulnerabilities, a vulnerability assessment is primarily diagnostic—it focuses on detection and risk evaluation rather than exploitation.

Vulnerability assessments are essential for maintaining secure code and systems throughout the software lifecycle.

hashtag
Targets

In this topic, students learn to:

  • Explain what a vulnerability assessment is and when it is used

  • Use or interpret automated tools to identify security risks

  • Classify vulnerabilities by severity and impact

  • Evaluate how vulnerability assessment supports secure software development

hashtag
Syllabus references

chevron-rightSecure software architecturearrow-up-righthashtag

Developing secure code

  • Apply and evaluate strategies used by software developers to manage the security of programming code, including – vulnerability assessment

hashtag
When are vulnerability assessments used?

Vulnerability assessments are typically used:

  • After development, but before deployment

  • During regular security audits

  • After applying new configurations or updates

  • In response to newly discovered threats (e.g. zero-day vulnerabilities)

They can be run against:

  • Web applications

  • APIs and services

  • Operating systems

  • Source code repositories

  • Networked systems

hashtag
Types of vulnerabilities detected

  • Outdated or vulnerable libraries and packages

  • Insecure server or service configurations

  • Missing security headers or HTTPS enforcement

  • Exposed ports or services

  • Publicly accessible files or credentials

  • Known CVEs (Common Vulnerabilities and Exposures)

hashtag
Tools used for vulnerability assessment

Some widely used tools include:

  • OWASP Dependency-Check (for insecure libraries)

  • Nessus or OpenVAS (network vulnerability scanning)

  • Nikto (web server scanning)

  • Snyk, Retire.js or Trivy (dependency scanning)

  • Clair or Anchore (for container security)

hashtag
Example: Using snyk for dependency scanning

This command scans your project for known vulnerabilities in dependencies and produces a report.

hashtag
Prioritising vulnerabilities

After scanning, results are typically sorted by:

  • Severity (e.g. low, medium, high, critical)

  • Exploitability (how easy it is to attack)

  • Impact (what an attacker could gain)

  • Fix availability (whether a patch exists)

Developers and teams use this information to prioritise fixes in the next sprint or release cycle.

hashtag
Best practices

  • Automate vulnerability scans in CI/CD pipelines

  • Review and triage results as part of the software testing phase

  • Combine with other methods (e.g. SAST, DAST) for full coverage

  • Reassess after major changes or security patches

  • Use scanning tools appropriate to your language, platform, or environment

hashtag
Summary

  • Vulnerability assessments detect known security flaws in software, systems, or configurations

  • They are diagnostic tools used to prevent exploitation

  • Results help developers prioritise security fixes and improve the overall resilience of the system

  • Assessment tools should be part of an ongoing secure development process

Previous422.52 SAST and DASTNext422.53 Penetration testing

Last updated

Was this helpful?