422.53 Vulnerability assessment

Assess a system’s security posture by identifying, classifying, and prioritising potential weaknesses before they can be exploited.

Overview

A vulnerability assessment is the process of systematically scanning and analysing software or systems to identify known security flaws. It helps developers and organisations understand which parts of their system may be at risk and how urgently those risks should be addressed.

Unlike penetration testing, which attempts to exploit vulnerabilities, a vulnerability assessment is primarily diagnostic—it focuses on detection and risk evaluation rather than exploitation.

Vulnerability assessments are essential for maintaining secure code and systems throughout the software lifecycle.

Targets

In this topic, students learn to:

  • Explain what a vulnerability assessment is and when it is used

  • Use or interpret automated tools to identify security risks

  • Classify vulnerabilities by severity and impact

  • Evaluate how vulnerability assessment supports secure software development

Syllabus references

Secure software architecture

Developing secure code

  • Apply and evaluate strategies used by software developers to manage the security of programming code, including – vulnerability assessment

When are vulnerability assessments used?

Vulnerability assessments are typically used:

  • After development, but before deployment

  • During regular security audits

  • After applying new configurations or updates

  • In response to newly discovered threats (e.g. zero-day vulnerabilities)

They can be run against:

  • Web applications

  • APIs and services

  • Operating systems

  • Source code repositories

  • Networked systems

Types of vulnerabilities detected

  • Outdated or vulnerable libraries and packages

  • Insecure server or service configurations

  • Missing security headers or HTTPS enforcement

  • Exposed ports or services

  • Publicly accessible files or credentials

  • Known CVEs (Common Vulnerabilities and Exposures)
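As an added example (not part of the original course notes), the following Python script implements one of the checks in the list above, "missing security headers or HTTPS enforcement", the way a simple web scanner would. It runs on already-captured response headers so it needs no network access; the three responses are constructed sample data, and the list of expected headers and the severities assigned are assumptions made for this example rather than any standard.

```python
"""Added example (not from the original course notes): a small check for the
"missing security headers or HTTPS enforcement" finding type. It inspects an
already-captured response header map, so it runs offline; the responses below
are constructed sample data, and the expected-header list and severities are
assumptions made for this example.
"""
from typing import Dict, List, Optional

# Headers a hardened HTTPS response is expected to carry, with the reason each
# one matters. Chosen for this example; it is not an exhaustive standard.
EXPECTED_HEADERS = {
    "strict-transport-security": "tells browsers to use HTTPS for future requests",
    "content-security-policy": "limits where scripts and other resources may load from",
    "x-content-type-options": "stops browsers MIME-sniffing responses",
    "x-frame-options": "prevents the page being framed (clickjacking)",
    "referrer-policy": "limits how much of the URL leaks in the Referer header",
}

ONE_YEAR = 365 * 24 * 60 * 60  # commonly recommended minimum HSTS max-age


def hsts_max_age(value: str) -> Optional[int]:
    """Extract max-age from an HSTS header value; None if absent or malformed."""
    for directive in value.split(";"):
        name, _, number = directive.strip().partition("=")
        if name.lower() == "max-age":
            try:
                return int(number.strip().strip('"'))
            except ValueError:
                return None
    return None


def assess_headers(url: str, headers: Dict[str, str]) -> List[dict]:
    """Return one finding per weakness seen in a single HTTP response."""
    present = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[dict] = []

    if not url.lower().startswith("https://"):
        findings.append({"check": "https-enforcement", "severity": "high",
                         "detail": "page served over plain HTTP"})

    for name, why in EXPECTED_HEADERS.items():
        if name not in present:
            findings.append({"check": f"missing-{name}", "severity": "medium", "detail": why})

    hsts = present.get("strict-transport-security")
    if hsts is not None:
        age = hsts_max_age(hsts)
        if age is None or age < ONE_YEAR:
            findings.append({"check": "weak-hsts-max-age", "severity": "low",
                             "detail": f"max-age is {age}, expected at least {ONE_YEAR}"})

    # A version string in Server / X-Powered-By makes matching known CVEs trivial,
    # so it is reported as informational.
    for name in ("server", "x-powered-by"):
        if name in present and any(ch.isdigit() for ch in present[name]):
            findings.append({"check": f"version-disclosure-{name}", "severity": "info",
                             "detail": f"{name} header reveals a version: {present[name]}"})
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "https://app.example.test/": {
        "Content-Type": "text/html; charset=utf-8",
        "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'",
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "DENY",
        "Referrer-Policy": "no-referrer",
    },
    "https://shop.example.test/": {
        "Content-Type": "text/html",
        "Strict-Transport-Security": "max-age=300",
        "X-Content-Type-Options": "nosniff",
    },
    "http://legacy.example.test/": {
        "Content-Type": "text/html",
        "Server": "ExampleHTTPd/1.2.3",
    },
}


def assess_all(responses=SAMPLE_RESPONSES) -> Dict[str, List[dict]]:
    """Assess every captured response and return findings keyed by URL."""
    return {url: assess_headers(url, hdrs) for url, hdrs in responses.items()}


if __name__ == "__main__":
    for url, findings in assess_all().items():
        print(f"{url}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  [{f['severity']}] {f['check']}: {f['detail']}")
```

Running the script reports no findings for the fully hardened response, four for the shop site (three missing headers plus a short HSTS max-age), and seven for the legacy site served over plain HTTP. Note that this is the diagnostic half of an assessment only: it records what is missing and how serious it is, and leaves exploitation out entirely.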

Tools used for vulnerability assessment

Some widely used tools include:

  • OWASP Dependency-Check (for insecure libraries)

  • Nessus or OpenVAS (network vulnerability scanning)

  • Nikto (web server scanning)

  • Snyk, Retire.js or Trivy (dependency scanning)

  • Clair or Anchore (for container security)

Example: Using Snyk for dependency scanning

snyk test

This command scans your project for known vulnerabilities in dependencies and produces a report.

Prioritising vulnerabilities

After scanning, results are typically sorted by:

  • Severity (e.g. low, medium, high, critical)

  • Exploitability (how easy it is to attack)

  • Impact (what an attacker could gain)

  • Fix availability (whether a patch exists)

Developers and teams use this information to prioritise fixes in the next sprint or release cycle.
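The following Python script is an added example (not part of the original course notes) that ties the Snyk example above to this prioritisation step: it loads a scanner report, ranks each finding by the four criteria just listed, and applies a simple CI gate. The report is constructed; its shape is a simplified stand-in for dependency-scanner JSON output such as that produced by `snyk test --json`, and the field names, package names and `VULN-nnnn` identifiers are placeholders assumed for this example, not any tool's real schema or real advisories.

```python
"""Added example (not from the original course notes): load a scanner report,
rank its findings by severity, exploitability, impact and fix availability,
then apply a CI gate. The report is constructed; its shape is a simplified
stand-in for dependency-scanner JSON output (e.g. `snyk test --json`), and the
field names, package names and VULN-nnnn ids are placeholders assumed here.
"""
import json
from typing import List, Tuple

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed report: package names and identifiers are placeholders.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": [
        {"id": "VULN-0001", "package": "libalpha", "version": "4.1.0",
         "severity": "high", "cvss": 7.4, "exploit_available": False,
         "fixed_in": "4.1.3"},
        {"id": "VULN-0002", "package": "libbeta", "version": "1.2.0",
         "severity": "medium", "cvss": 5.6, "exploit_available": True,
         "fixed_in": "1.2.6"},
        {"id": "VULN-0003", "package": "libgamma", "version": "0.1.0",
         "severity": "critical", "cvss": 9.8, "exploit_available": True,
         "fixed_in": None},
        {"id": "VULN-0004", "package": "libdelta", "version": "2.6.8",
         "severity": "low", "cvss": 3.7, "exploit_available": False,
         "fixed_in": "2.6.9"},
        {"id": "VULN-0005", "package": "libepsilon", "version": "0.9.0",
         "severity": "high", "cvss": 8.1, "exploit_available": True,
         "fixed_in": "1.0.0"},
    ]
})


def load_findings(report_json: str) -> List[dict]:
    """Parse the report and normalise the fields the triage logic relies on."""
    findings = []
    for v in json.loads(report_json)["vulnerabilities"]:
        sev = str(v.get("severity", "low")).lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} in {v.get('id')}")
        findings.append({
            "id": v["id"], "package": v["package"], "version": v["version"],
            "severity": sev, "cvss": float(v.get("cvss", 0.0)),
            "exploit_available": bool(v.get("exploit_available", False)),
            "fixed_in": v.get("fixed_in"),
        })
    return findings


def priority_key(f: dict) -> tuple:
    """Sort key: severity, then exploitability, then impact (CVSS score),
    then fix availability. Negated so ascending sort puts the most urgent first."""
    return (-SEVERITY_RANK[f["severity"]], -int(f["exploit_available"]),
            -f["cvss"], -int(f["fixed_in"] is not None))


def prioritise(findings: List[dict]) -> List[dict]:
    """Return the findings ordered from most to least urgent."""
    return sorted(findings, key=priority_key)


def gate(findings: List[dict], fail_on: str = "high") -> Tuple[bool, List[str]]:
    """CI policy: fail the build when any finding is at or above `fail_on`.
    Returns (passed, reasons); each reason says whether an upgrade fixes it."""
    threshold = SEVERITY_RANK[fail_on]
    reasons = []
    for f in prioritise(findings):
        if SEVERITY_RANK[f["severity"]] >= threshold:
            action = (f"upgrade to {f['fixed_in']}" if f["fixed_in"]
                      else "no fix yet: mitigate or document accepted risk")
            reasons.append(f"{f['id']} {f['package']}@{f['version']} ({f['severity']}): {action}")
    return (not reasons, reasons)


if __name__ == "__main__":
    findings = load_findings(SAMPLE_REPORT)
    for f in prioritise(findings):
        print(f"{f['severity']:<8} cvss={f['cvss']:<4} exploit={f['exploit_available']!s:<5} "
              f"{f['id']} {f['package']}@{f['version']} fixed_in={f['fixed_in']}")
    passed, reasons = gate(findings, fail_on="high")
    print("\nGATE:", "PASS" if passed else "FAIL")
    for r in reasons:
        print(" -", r)
    raise SystemExit(0 if passed else 1)  # non-zero exit fails the pipeline step
```

With the sample report the ranking puts the critical finding first, then the two highs with the exploitable one ahead of the other, then medium and low. The gate at `high` fails the build with three reasons, one of which has no fix available and so must be mitigated or formally accepted rather than patched; this is the "prioritise fixes for the next sprint or release" step turned into a repeatable pipeline check.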

Best practices

  • Automate vulnerability scans in CI/CD pipelines

  • Review and triage results as part of the software testing phase

  • Combine with other methods (e.g. SAST, DAST) for full coverage

  • Reassess after major changes or security patches

  • Use scanning tools appropriate to your language, platform, or environment

Summary

  • Vulnerability assessments detect known security flaws in software, systems, or configurations

  • They are diagnostic tools used to prevent exploitation

  • Results help developers prioritise security fixes and improve the overall resilience of the system

  • Assessment tools should be part of an ongoing secure development process
