Vulnerability assessment concepts
One of the primary responsibilities of defenders is to be aware of vulnerabilities in their environment. Vulnerability assessments, including vulnerability scanning tools, discover vulnerabilities by matching applications, operating systems, and configurations against a list of known issues. New flaws and vulnerabilities are disclosed every day, exposing ways to exploit and abuse systems. Keeping up requires constant vigilance, updating, and vulnerability assessments using tools such as Nessus and Nexpose.
At the conclusion of an assessment, the results are usually classified by threat level: low, medium, high, or critical. These classifications, sometimes referred to as severity levels, come from industry expectations and may not reflect the reality of the finding within a particular organization. For example, an organization may have an application that runs only on Windows 2000 using Adobe Acrobat with Java 1.3...