SlideShare une entreprise Scribd logo

Security assessment

A
Antonio Bristow

Security assessment involves several stages to identify risks and analyze security. These stages include discovery to identify systems, vulnerability scanning to find weaknesses, assessment to analyze risks in context, security assessment to manually verify exposures, penetration testing to exploit vulnerabilities, security auditing to ensure compliance, and security review to check adherence to standards. The overall goal is a thorough analysis of threats and risks to assess security and identify improvements.

Technologie
1  sur  2
Télécharger pour lire hors ligne
What is Security assessment? What are the different stages involved in it? Security assessment has different stages viz. discovery stage, vulnerability scan, assessment, security assessment, penetration stage, security audit and security review stage. Security assessment is a thorough study done mainly to identify IT related threats and risks. Full support of the organization being assessed is required for an explicit study. The organization should allow the assessor access to its network, facilities etc. An assessment is done to assess the working of the present security system and to make improvements if any amongst all the security tests a security assessment test is the most useful test. Security assessment is also known as security audit or security review. It should make sure that all necessary security tools required to protect the system have been incorporated into the system. Security assessment system goes through a number of stages to identify the risks and to analyze the situation. 1. Discovery stage: the services and systems under operation are identified. This process does not identify the weaknesses of the system but may at times point out the obsolete versions of software/firmware which in turn may be helpful to identify the potential vulnerabilities. 2. Vulnerability scan stage – it is meant to identify the security issues. With the help of automated tools it matches conditions with known vulnerabilities. Manual scanning or interpretation is not required as the tool automatically sets the reported risk level. 3. Vulnerability assessment stage - in order to place the findings into the context of the environment under test and to scan the security vulnerabilities it uses discovery and vulnerabilities. 4. Security assessment stage - the basis of this stage is vulnerability assessment. In order to confirm exposure it adds manual verification but does not include the use of vulnerabilities to work further. Security assessment can be done by authorizing access in order check system settings. It also scans logos, system responses, error messages, codes, etc. 5. Penetration test - imitates an attack by a harmful person-in order to gain further access it exploits the present vulnerabilities. This test may help us understand the potential of the person trying to hack the confidential information or data. in comparison to the security assessment approach which looks at the broader coverage this stage goes to the origin of attack
6. Security Audit – is responsible for handling the compliance issues. Due to its narrow scope it is flexible enough to use any of the above mentioned approaches i.e. vulnerability assessment, security assessment, etc. 7. Security Review – making sure that the product is adhering to the internal security standards. This stage follows a gap analysis and also makes use of build/code reviews or design data and diagrams. This stage has no relation with the earlier approaches. . For more information on security assessment you can visit URL: http://www.ivizsecurity.com/application-penetration.html

Recommandé

Engineering Security Vulnerability Prevention, Detection, and Response
Engineering Security Vulnerability Prevention, Detection, and ResponseEngineering Security Vulnerability Prevention, Detection, and Response
Engineering Security Vulnerability Prevention, Detection, and Response
Jinnah University for Women
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overview
Supriya G
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.com
chrysanthemu49
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...
Alisha Henderson
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.com
claric241
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysis
Asif Anik
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.com
kopiko147
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
Rama krishna
 

Recommandé

Engineering Security Vulnerability Prevention, Detection, and Response
Engineering Security Vulnerability Prevention, Detection, and ResponseEngineering Security Vulnerability Prevention, Detection, and Response
Engineering Security Vulnerability Prevention, Detection, and Response
Jinnah University for Women
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overview
Supriya G
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.com
chrysanthemu49
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...
Alisha Henderson
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.com
claric241
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysis
Asif Anik
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.com
kopiko147
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
Rama krishna
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
agathachristie113
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
KeatonJennings104
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
agathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
VSNaipaul15
 
Vulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) OverviewVulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) Overview
Susan Rantall
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
Maganathin Veeraragaloo
 
Best vulnerability assessment training
Best vulnerability assessment trainingBest vulnerability assessment training
Best vulnerability assessment training
AdarshMathuri
 
Challenges in Security Testing
Challenges in Security TestingChallenges in Security Testing
Challenges in Security Testing
Shikha Jarial
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.com
donaldzs8
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.com
DavisMurphyA97
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.com
robertlesew6
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.com
PrescottLunt385
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.com
Baileyabw
 
Assessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber AttacksAssessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber Attacks
Cimation
 
Cst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comCst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.com
McdonaldRyan79
 
Threat modelling
Threat modellingThreat modelling
Threat modelling
Rajeev Venkata
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?
Jorge Orchilles
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Donald E. Hester
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Nameen Singh
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
primeteacher32
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
cyberprosocial
 
Phases of Penetration Testing
Phases of Penetration TestingPhases of Penetration Testing
Phases of Penetration Testing
KiwiQA
 

Contenu connexe

Tendances

Vulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) OverviewVulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) Overview
Susan Rantall
 

Tendances (20)

CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
 
Vulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) OverviewVulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) Overview
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
 
Best vulnerability assessment training
Best vulnerability assessment trainingBest vulnerability assessment training
Best vulnerability assessment training
 
Challenges in Security Testing
Challenges in Security TestingChallenges in Security Testing
Challenges in Security Testing
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.com
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.com
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.com
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.com
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.com
 
Assessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber AttacksAssessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber Attacks
 
Cst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comCst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.com
 
Threat modelling
Threat modellingThreat modelling
Threat modelling
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 

Similaire à Security assessment

Security testing
Security testingSecurity testing
Security testing
baskar p
 
Exploring the Key Types of Cybersecurity Testing
Exploring the Key Types of Cybersecurity TestingExploring the Key Types of Cybersecurity Testing
Exploring the Key Types of Cybersecurity Testing
jatniwalafizza786
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013
Ian Sommerville
 
Penetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfPenetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdf
Sense Learner Technologies Pvt Ltd
 

Similaire à Security assessment (20)

Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
 
Phases of Penetration Testing
Phases of Penetration TestingPhases of Penetration Testing
Phases of Penetration Testing
 
Security testing
Security testingSecurity testing
Security testing
 
Exploring the Key Types of Cybersecurity Testing
Exploring the Key Types of Cybersecurity TestingExploring the Key Types of Cybersecurity Testing
Exploring the Key Types of Cybersecurity Testing
 
What to Expect During a Vulnerability Assessment and Penetration Test
What to Expect During a Vulnerability Assessment and Penetration TestWhat to Expect During a Vulnerability Assessment and Penetration Test
What to Expect During a Vulnerability Assessment and Penetration Test
 
Software security testing
Software security testingSoftware security testing
Software security testing
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.
 
A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration Testing
 
SDET UNIT 5.pptx
SDET UNIT 5.pptxSDET UNIT 5.pptx
SDET UNIT 5.pptx
 
What are the 3 Phases of Penetration Testing
What are the 3 Phases of Penetration TestingWhat are the 3 Phases of Penetration Testing
What are the 3 Phases of Penetration Testing
 
What are the 3 Phases of Penetration Testing.pdf
What are the 3 Phases of Penetration Testing.pdfWhat are the 3 Phases of Penetration Testing.pdf
What are the 3 Phases of Penetration Testing.pdf
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docx
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1
 
Open Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodOpen Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
 
What are Vulnerability Assessment and Penetration Testing?
What are Vulnerability Assessment and Penetration Testing?What are Vulnerability Assessment and Penetration Testing?
What are Vulnerability Assessment and Penetration Testing?
 
Security testing vikesh kumar
Security testing vikesh kumarSecurity testing vikesh kumar
Security testing vikesh kumar
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013
 
Penetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfPenetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdf
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
What are the 5 Stages of Penetration.pdf
What are the 5 Stages of Penetration.pdfWhat are the 5 Stages of Penetration.pdf
What are the 5 Stages of Penetration.pdf
 

Dernier

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Dernier (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Security assessment

  • 1. What is Security assessment? What are the different stages involved in it? Security assessment has different stages viz. discovery stage, vulnerability scan, assessment, security assessment, penetration stage, security audit and security review stage. Security assessment is a thorough study done mainly to identify IT related threats and risks. Full support of the organization being assessed is required for an explicit study. The organization should allow the assessor access to its network, facilities etc. An assessment is done to assess the working of the present security system and to make improvements if any amongst all the security tests a security assessment test is the most useful test. Security assessment is also known as security audit or security review. It should make sure that all necessary security tools required to protect the system have been incorporated into the system. Security assessment system goes through a number of stages to identify the risks and to analyze the situation. 1. Discovery stage: the services and systems under operation are identified. This process does not identify the weaknesses of the system but may at times point out the obsolete versions of software/firmware which in turn may be helpful to identify the potential vulnerabilities. 2. Vulnerability scan stage – it is meant to identify the security issues. With the help of automated tools it matches conditions with known vulnerabilities. Manual scanning or interpretation is not required as the tool automatically sets the reported risk level. 3. Vulnerability assessment stage - in order to place the findings into the context of the environment under test and to scan the security vulnerabilities it uses discovery and vulnerabilities. 4. Security assessment stage - the basis of this stage is vulnerability assessment. In order to confirm exposure it adds manual verification but does not include the use of vulnerabilities to work further. Security assessment can be done by authorizing access in order check system settings. It also scans logos, system responses, error messages, codes, etc. 5. Penetration test - imitates an attack by a harmful person-in order to gain further access it exploits the present vulnerabilities. This test may help us understand the potential of the person trying to hack the confidential information or data. in comparison to the security assessment approach which looks at the broader coverage this stage goes to the origin of attack
  • 2. 6. Security Audit – is responsible for handling the compliance issues. Due to its narrow scope it is flexible enough to use any of the above mentioned approaches i.e. vulnerability assessment, security assessment, etc. 7. Security Review – making sure that the product is adhering to the internal security standards. This stage follows a gap analysis and also makes use of build/code reviews or design data and diagrams. This stage has no relation with the earlier approaches. . For more information on security assessment you can visit URL: http://www.ivizsecurity.com/application-penetration.html