List of installed packages on the host and matches against all known Common Vulnerabilities & Exposures (CVEs) captured in the National Vulnerability Database (NVD). It then compares them against the published security notice and triage data from the specific Linux distribution.
With fast moving technology adoption, rapid development cycles, mobile applications, IoT, etc. - Networks today are more vulnerable than ever. Additionally, cyber attacks and compromises are a real threat for most organizations. Vulnerability Assessment helps you validate your security controls against real-world threats, identify security risks in your environment and understand the real-world impact of these issues.
Vulernability Analysis should be performed on a regular basis based on internal change cycles or compliance and regulatory requirements. Some organizations carry out the activity once a year while some go as far as on a daily or monthly basis.
Factors causing vulnerabilities are:
1. Design flaws – If there are loop holes in the system that can allow hackers to attack the system easily.
2. Passwords – If passwords are known to hackers they can get the information very easily. Password policy should be followed rigorously to minimize the risk of password steal.
3. Complexity – Complex software can open the doors on vulnerabilities.
4. Human Error – Human error is a significant source of security vulnerabilities.
5. Management – Poor management of the data can lead to the vulnerabilities in the system.