Are you Vulnerable?


Vulnerability management is the "cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities", especially in software and firmware. Vulnerability management is integral to computer security and network security.

One way to find vulnerabilities is to use a vulnerability scanner: a computer program that analyzes the software of a computer system in search of previously identified vulnerabilities, such as open ports, insecure software configuration, and susceptibility to malware.

A vulnerability scanner cannot necessarily identify an undocumented vulnerability, such as one used in a zero-day attack. However, penetration tests and fuzz testing with relevant test cases can identify certain kinds of vulnerabilities, such as a buffer overflow. Such analyses can be facilitated by test automation.

Similarly, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).

Correcting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software (such as a firewall), or educating users about social engineering.
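The scanner behaviour described above, as an added example that is not part of the original page: a minimal version-matching check in Python that reports previously identified vulnerabilities with the patch that corrects them, and lists the software it has no data for. All package names, versions and advisory IDs are constructed placeholders.

```python
# Added example. Package names, versions and advisory IDs are constructed placeholders.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

ADVISORIES = [  # constructed feed of previously identified vulnerabilities
    {"id": "EXAMPLE-0001", "package": "examplehttpd", "fixed_in": "2.4.10", "severity": "high"},
    {"id": "EXAMPLE-0002", "package": "examplessl", "fixed_in": "1.1.2", "severity": "critical"},
    {"id": "EXAMPLE-0003", "package": "exampledb", "fixed_in": "5.6.3", "severity": "medium"},
]

INVENTORY = {  # constructed software inventory of one host
    "examplehttpd": "2.4.9",
    "examplessl": "1.1.1",
    "exampledb": "5.7.0",
    "examplecms": "3.0.0",
}

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so that 2.4.9 sorts before 2.4.10."""
    return tuple(int(part) for part in text.split("."))

def scan(inventory, advisories):
    """Identify and classify: advisories whose fix is newer than what is installed."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv["package"])
        if installed and parse_version(installed) < parse_version(adv["fixed_in"]):
            findings.append({**adv, "installed": installed})
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])

def uncovered(inventory, advisories):
    """Packages with no advisory at all: the scanner cannot say they are safe."""
    known = {adv["package"] for adv in advisories}
    return sorted(pkg for pkg in inventory if pkg not in known)

if __name__ == "__main__":
    for f in scan(INVENTORY, ADVISORIES):
        print(f"{f['severity']:8} {f['id']} {f['package']} {f['installed']} -> patch to {f['fixed_in']}")
    print("no advisory data for:", ", ".join(uncovered(INVENTORY, ADVISORIES)))
```

A package in the "no advisory data" list is not clean; it is simply outside what the scanner knows, which is where penetration and fuzz testing come in.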

Managing Vulnerabilities

Are you vulnerable? The answer is probably yes. This site provides information to help you work through the process of vulnerability management.
