Vulnerability Assessment
What is Vulnerability Assessment?
Vulnerability AssessmentA systematic review of an environment to identify, classify, and prioritize security weaknesses, typically without active exploitation.
A vulnerability assessment combines automated tooling and analyst review to enumerate misconfigurations, missing patches, weak credentials, and design flaws across networks, hosts, applications, and cloud services. Findings are validated, scored using frameworks such as CVSS and EPSS, and ranked against business context and asset criticality. Unlike a penetration test, the goal is breadth and accurate inventory rather than proof of impact through exploitation. Output feeds remediation backlogs, risk registers, and compliance reporting, and forms the baseline for continuous vulnerability management programs.
● Examples
- 01
A quarterly internal vulnerability assessment that produces a ranked remediation backlog for IT operations.
- 02
A pre-deployment assessment of a new SaaS tenant against the CIS Benchmarks.
● Frequently asked questions
What is Vulnerability Assessment?
A systematic review of an environment to identify, classify, and prioritize security weaknesses, typically without active exploitation. It belongs to the Defense & Operations category of cybersecurity.
What does Vulnerability Assessment mean?
A systematic review of an environment to identify, classify, and prioritize security weaknesses, typically without active exploitation.
How do you defend against Vulnerability Assessment?
Defences for Vulnerability Assessment typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Vulnerability Assessment?
Common alternative names include: VA, Vulnerability review.