LESSON 9: VULNERABILITY ANALYSIS & ASSESSMENT
What does this lesson cover?
01 OVERVIEW: Definition, purpose, and role in the cybersecurity lifecycle
02 SCANNING TYPES: Active, passive, intrusive, and non-intrusive methods
03 ASSESSMENT WORKFLOW: Asset identification, scanning, analysis, and reporting
04 RESULTS AND RISK: False results, limitations, prioritization, and tools
What is Vulnerability Assessment?
A vulnerability assessment is the process of
defining, identifying, classifying, and
prioritizing vulnerabilities in systems,
applications, and network infrastructure. Its
purpose is to find weaknesses before attackers
exploit them and to guide remediation through
a structured report.
Why does it matter in the cybersecurity lifecycle?
Helps organizations understand asset exposure before incidents happen.
Works with vulnerability management by feeding evidence into patching and hardening.
Should be repeated after system changes such as new services, devices, or opened ports.
Complements, but does not replace, penetration testing.
PREVENT: Discover weaknesses early
PROTECT: Prioritize fixes and policy improvements
RESPOND: Use reports to reduce recurring gaps
IMPROVE: Rescan to validate remediation
Types of Vulnerability Scanning

ACTIVE SCANNING
Directly interacts with hosts, ports, services, or applications to check for known vulnerabilities.
Sends probes or requests to the target.
Provides deeper and more detailed findings.
May create network traffic or slight service impact.

PASSIVE SCANNING
Observes traffic, logs, or exposed behavior without sending direct test actions to the target.
Monitors systems quietly and safely.
Useful where uptime is sensitive.
Usually provides less detail than active scanning.
Intrusive vs Non-intrusive approaches

INTRUSIVE APPROACHES
Actively tests or exploits vulnerabilities to confirm if they are real, giving more accurate results
Can affect system performance or cause temporary disruptions because of its aggressive approach
Best used in controlled environments or maintenance windows where testing will not impact users

NON-INTRUSIVE APPROACHES
Gathers information without exploiting or stressing the system, making it safe for live environments
Does not disrupt services or affect performance since it only observes and analyzes
Best for production systems or situations where uptime and stability are the top priority
Vulnerability Assessment Process
01 ASSET IDENTIFICATION: List hosts, applications, databases, devices, and critical services.
02 SCANNING: Run the chosen scanner and collect findings from the target environment.
03 ANALYSIS: Validate the findings, remove noise, and determine the real level of risk.
04 REPORTING: Document issues, severity, business impact, and recommended remediation.
Understanding Scan Results
TYPES OF SCANNING ERRORS: FALSE POSITIVE, FALSE NEGATIVE

FALSE POSITIVE
A type of error where the system says “there is a problem” even though there isn’t.
The scanner reports a vulnerability, but it is not actually present or exploitable.
Often caused by misconfigurations, overly broad detection rules, or lack of context (for example, a system that is already patched but still flagged).
EFFECTS:
Wastes time investigating non-issues
Creates alert fatigue
Reduces trust in the scanning tool
May cause real threats to be ignored due to too many false alarms

FALSE NEGATIVE
A type of error where the system says “everything is fine” even though there is actually a problem.
A real vulnerability exists, but the scanner fails to detect it.
Often caused by outdated signatures, limited scan depth, encrypted traffic not inspected, or restricted access during scanning.
EFFECTS:
It creates a dangerous blind spot
System appears secure when it is not
Attackers can exploit unnoticed weaknesses
More dangerous than false positives because risks remain hidden
Limitations of Vulnerability Scanning
CANNOT DETECT EVERYTHING: Scanners mainly identify known weaknesses and may miss complex logic flaws or zero-day issues.
TOOL DEPENDENCY: Results depend on scan plugins, signatures, configuration, coverage, and update quality.
NEEDS HUMAN VALIDATION: Security analysts still need to confirm findings, interpret context, and choose the best fix.
Risk Prioritization
LOW: Minor exposure with limited impact, usually not urgent but should still be monitored and fixed when possible.
MEDIUM: Moderate risk that requires planned remediation to prevent it from becoming a bigger security issue.
HIGH: Serious exposure that could significantly affect systems or data, requiring a fast and prioritized response.
CRITICAL: Severe vulnerability that can be easily exploited and cause major damage, requiring immediate action.
Impact: How much damage the vulnerability can cause to confidentiality, integrity, availability, operations, or data, including possible data loss, system downtime, financial loss, or reputational damage if exploited.
Likelihood: How likely the issue can be exploited based on exposure, attacker effort, and existing controls, considering factors like how visible the system is, how easy the exploit is, and how strong the current security defenses are.
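Added example (not part of the original lesson): a small triage script that derives a risk level from impact and likelihood, checks it against the level stated for each of the five findings in this lesson's case report, and orders the remediation queue. The one-line-per-finding input format, the numeric scores, and the thresholds are assumptions; the lesson only gives the five rated pairs.

```python
import re

SCORE = {"Low": 1, "Medium": 2, "High": 3}
ORDER = ["Low", "Medium", "High", "Critical"]

# Constructed input: the case report's five findings, one per line,
# keeping only the rated fields (ratings copied from the report).
REPORT = """\
1. SQL Injection in Login Page | Impact: High | Likelihood: High | Risk Level: Critical
2. Outdated Web Server Software | Impact: High | Likelihood: Medium | Risk Level: High
3. Weak Password Policy | Impact: Medium | Likelihood: High | Risk Level: High
4. Open Ports on Internal Network Device | Impact: Medium | Likelihood: Medium | Risk Level: Medium
5. Missing Security Header | Impact: Low | Likelihood: Low | Risk Level: Low
"""

LINE = re.compile(r"^\d+\.\s+(?P<title>.+?)\s*\|\s*Impact:\s*(?P<impact>\w+)"
                  r"\s*\|\s*Likelihood:\s*(?P<likelihood>\w+)"
                  r"\s*\|\s*Risk Level:\s*(?P<stated>\w+)\s*$")

def risk_level(impact, likelihood):
    """Map impact x likelihood to a level. The thresholds are assumptions,
    chosen so the five rated pairs in the report come out as reported."""
    score = SCORE[impact] * SCORE[likelihood]
    for floor, level in ((9, "Critical"), (6, "High"), (3, "Medium")):
        if score >= floor:
            return level
    return "Low"

def triage(report):
    """Return (titles in remediation order, titles whose stated level
    disagrees with the matrix and so need an analyst's second look)."""
    findings = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or unparseable lines
        f = m.groupdict()
        f["computed"] = risk_level(f["impact"], f["likelihood"])
        findings.append(f)
    # Highest level first; ties broken by impact, then likelihood.
    findings.sort(key=lambda f: (ORDER.index(f["computed"]), SCORE[f["impact"]],
                                 SCORE[f["likelihood"]]), reverse=True)
    disagree = [f["title"] for f in findings if f["computed"] != f["stated"]]
    return [f["title"] for f in findings], disagree

if __name__ == "__main__":
    print(triage(REPORT))
```

A finding that lands in the second list is one where the analyst's stated level and the matrix differ, which is a prompt to revisit the rating rather than an automatic correction.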
Real-World Case Example: Vulnerability Scan Report Analysis
Scenario:
A small university’s IT department conducted a vulnerability
scan on their student information system (SIS) and internal
network after reports of slow performance and suspected
unauthorized access attempts. The goal was to identify
security weaknesses before the start of enrollment season,
when system traffic is expected to increase.
The scan covered:
Web application (student portal login system)
Database server
Internal network devices
Vulnerability Scan Report Analysis

1. SQL Injection in Login Page
Description: The student portal login form is vulnerable to SQL injection attacks.
Impact: High – Attackers could bypass authentication and access or modify sensitive student records such as grades, personal data, and enrollment details.
Likelihood: High – The login page is publicly accessible and can be exploited using automated attack tools.
Risk Level: Critical
Mitigation: Immediately apply input validation, use prepared statements, and patch the application code.

2. Outdated Web Server Software
Description: The web server is running an outdated version with known security vulnerabilities.
Impact: High – Could allow remote code execution or full system compromise.
Likelihood: Medium – Requires specific exploit conditions but known vulnerabilities already exist publicly.
Risk Level: High
Mitigation: Update to the latest stable version and apply security patches immediately.

3. Weak Password Policy
Description: Users can set weak passwords
Impact: Medium – Accounts can be easily compromised leading to unauthorized access.
Likelihood: High – Common attacker method is password guessing or brute force.
Risk Level: High
Mitigation: Enforce strong password rules and enable multi-factor authentication.

4. Open Ports on Internal Network Device
Description: Unnecessary ports are open on a network switch.
Impact: Medium – Could allow unauthorized access or scanning of internal network.
Likelihood: Medium – Internal attackers or compromised devices could exploit it.
Risk Level: Medium
Mitigation: Disable unused ports and apply strict access control.

5. Missing Security Header
Description: The system does not prevent clickjacking attacks.
Impact: Low – Limited damage, mainly affects user interaction security.
Likelihood: Low – Requires specific attack setup.
Risk Level: Low
Mitigation: Add security headers in web server configuration.
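Added example (not part of the original lesson): a non-intrusive validation of finding 5 during the analysis step, classifying a captured response as protected, ineffective, or missing anti-framing headers. The lesson does not name the headers; `X-Frame-Options` and the CSP `frame-ancestors` directive are the standard ones, and the sample responses and host name are constructed.

```python
def parse_headers(raw):
    """Parse a raw response header block into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_ancestors(csp_values):
    """Return the frame-ancestors source list from CSP values, or None."""
    for policy in csp_values:
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None

def clickjacking_verdict(raw):
    """Classify a response as 'protected', 'ineffective' or 'missing'."""
    h = parse_headers(raw)
    sources = frame_ancestors(h.get("content-security-policy", []))
    xfo = [v.upper() for v in h.get("x-frame-options", [])]
    if sources is not None:
        # Where frame-ancestors is present, browsers enforce it and
        # ignore X-Frame-Options, so a wildcard here wins over DENY.
        permissive = any(s in ("*", "http:", "https:") for s in sources)
        return "ineffective" if permissive else "protected"
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return "protected"
    # A header with any other value (e.g. obsolete ALLOW-FROM) does nothing.
    return "ineffective" if xfo else "missing"

# Constructed sample responses (header blocks only).
CSP_ONLY = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n")
NO_HEADERS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
ALLOW_FROM = ("HTTP/1.1 200 OK\r\n"
              "X-Frame-Options: ALLOW-FROM https://portal.example\r\n")

if __name__ == "__main__":
    for name, raw in [("csp-only", CSP_ONLY), ("none", NO_HEADERS),
                      ("allow-from", ALLOW_FROM)]:
        print(name, clickjacking_verdict(raw))
```

The `CSP_ONLY` response is the false-positive case for a check that looks only for `X-Frame-Options`; the `ALLOW_FROM` response is the opposite case, where a header is present but gives no protection.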
INDUSTRY TOOLS
Widely used commercial vulnerability scanner known for broad plugin-based checks, easier deployment, and strong reporting.
An open-source web server scanner that focuses on detecting outdated software, dangerous files, and common web vulnerabilities.
Cloud-based vulnerability management tool that provides continuous monitoring, asset discovery, and strong compliance features.
Open-source-oriented scanner suited for teams that want flexibility, customization, and lower software cost.
THANK YOU!!!