What's all included as part of a Vulnerability Assessment? – Digitalmunition


This topic contains 1 reply, has 2 voices, and was last updated by  misconfig_exe 1 month ago.

  • #310197


    This is my second security company. In both companies, VA meant just running a Nessus scan. I understand the difference between VA and PT, but I don’t know where to draw the line.

    So, please help me understand this. What does a proper VA consist of? What are all the tools and tactics I can use for it?

  • #310198


    Rule 4 and low effort

  • #310199


    As you have found, there is no formal definition for what entails a vuln assessment, or a pen test for that matter. Every company will determine its own methodology. Personally, I focus on scope, and what the client is concerned about. It makes more sense to spend more time on something specific than to scan everything. I personally draw the line between a VA and a PT if you are actively trying to exploit something. A VA will just identify, but not validate. I personally think the firms that just run Nessus on a VA are lazy, but probably cheap.
