1. Goals&Objectives: - Defines goals and objectives of Vulnerability Analysis
2. Scope:
- While performing the Assessment and Test, Scope of the Assignment needs to be
clearly defined.
The
following are the three possible scopes exist:
·
Black Box Testing: - Testing from an external network with no
prior knowledge of the internal network and systems.
·
Grey Box Testing: -
Testing from either external or internal networks, with the knowledge of
internal network and system. It's the combination of both Black Box Testing and
White Box Testing.
·
White Box Testing: - Testing within the internal network with
the knowledge of internal network and system. Also known as Internal Testing.
3. Information
Gathering: - Obtaining as much information about IT environment such as
Networks, IP Address, Operating System Version, etc. It's applicable to all the
three types of Scopes such as Black Box Testing, Grey Box Testing and White Box
Testing
4. Vulnerability
Detection: -In this process, vulnerability scanners are used, it will scan
the IT environment and will identify the vulnerabilities.
5. Information
Analysis and Planning: - It will analyze the identified vulnerabilities, to
devise a plan for penetrating into the network and systems.
No comments:
Post a Comment