Skip to content Skip to navigation Skip to footer

Vulnerability Assessment

What Is Vulnerability Assessment?

Vulnerability assessment is an evaluation method that enables organizations to review their systems for potential security weaknesses. It performs a vulnerability analysis process that aims to discover whether the organization is at risk of known vulnerabilities, assigns a level of severity to those vulnerabilities, and recommends whether a threat should be mitigated or remediated.

Vulnerability testing helps organizations discover whether their systems and software have active default settings that are insecure, which can include easily guessable admin passwords. It also assesses vulnerability to code injection attacks, such as Structured Query Language injection (SQLi) and cross-site scripting (XSS) attacks, and checks for a potential escalation of user privileges or incorrect authentication mechanisms.

Types of Vulnerability Assessments

The most common types of vulnerability assessments that organizations deploy are:

  1. Network-based scan: Identifies vulnerable systems on organizations’ wired and wireless networks, which could be used to launch security attacks against an organization’s networks.
  2. Host-based scan: Identifies potential vulnerabilities in hosts connecting to an organization’s network, such as critical servers and workstations. This vulnerability assessment also provides further visibility into configuration settings and the system’s patch history. 
  3. Wireless scan: Typically assesses an organization’s Wi-Fi connections to search for potential rogue access points (APs) and validate whether the network is configured securely. 
  4. Application scan: Tests an organization’s websites to search for known software vulnerabilities and weak configurations in web applications or networks.
  5. Database scan: Identifies weaknesses in databases and big data systems, such as misconfigurations, rogue databases, or insecure development environments, to protect organizations against potential malicious attacks. 

Four Steps of Vulnerability Assessment

Organizations that undergo a vulnerability assessment will follow a four-step process. 

However, it is important to remember that a vulnerability assessment is not a one-off activity that organizations forget about when it has been completed. It must be repeated regularly and operationalized by encouraging development, security, and operations teams to cooperate closely with each other—a process called DevSecOps.

Vulnerability Identification

The first step is to create a comprehensive list of vulnerabilities in an organization’s applications, servers, and systems. This is done by either scanning them using specific internet vulnerability assessment tools or by testing them manually. Vulnerability analysts can also use vulnerability databases, vendor announcements, threat intelligence feeds, and asset management systems to identify potential weaknesses. 

This first step of the process helps organizations understand the full details. This includes elements like risk appetite and tolerance level, business impact analysis, mitigation practices and policies, countermeasures for devices and services, and residual risk treatment.

Vulnerability Analysis

The second step aims to discover the source and initial cause of the vulnerabilities identified in the first step. The analysis stage identifies the system components responsible for each vulnerability as well as its root cause.


The final step in the vulnerability assessment process is to close any security gaps. This is usually a joint effort between the DevSecOps team, which sets out the most effective way to mitigate or remediate each vulnerability discovered. The remediation process includes introducing new cybersecurity measures, procedures, or tools; updating configuration and operational changes; and developing or implementing patches for identified vulnerabilities.

With the process completed, it is also vital for organizations to create a vulnerability assessment report. This needs to include recommendations on how to correct and mitigate vulnerabilities, risk mitigation techniques, and any gaps the assessment uncovers between the results and the organization’s system baseline. 

The report needs to include the name of the vulnerabilities, the date they were discovered, and the score attributed based on the Common Vulnerabilities and Exposures (CVE) database. It also needs to include a detailed description of vulnerabilities, systems affected, processes required to correct vulnerabilities, and a proof of concept of the vulnerability.

Vulnerability Assessment Tools

Organizations can discover new and known vulnerabilities through specific vulnerability assessment tools. They should schedule regular and automated scans of their critical IT systems, and ensure the results of the scans are fed into their ongoing vulnerability assessment operation. 

One of the most popular tools for vulnerability assessments is a web application scanner, such as the Fortinet Web Vulnerability Scanner. These tools scan, test, and simulate attack patterns of known vulnerabilities.

Protocol scanners can also be used to assess vulnerabilities. These are specifically designed to search for vulnerable network services, ports, and cybersecurity protocols. The other most common tool for vulnerability assessment purposes is a network scanner, which can be used to visualize organizations’ networks. It is also useful for discovering warning signs of vulnerabilities, such as insecure Internet Protocol (IP) addresses and spoofed or suspicious packet activity.

In addition, organizations should consider using plugins within the vulnerability assessment platform, such as scans of common and popular ports, firewalls, and content management systems (CMS), such as Drupal, Joomla, and WordPress.

How Fortinet Can Help: Vulnerability Assessment and WAF

Fortinet protects organizations and their business-critical applications through its FortiWeb web application firewall (WAF), which was named a Challenger in the 2020 Gartner Magic Quadrant for WAFs. Fortinet WAFs provide web applications with protection against attacks that target both known and new, or unknown, vulnerabilities.

The FortiWeb WAFs are particularly crucial to protecting organizations in the face of the ever-evolving threat landscape. Every time organizations deploy new web application features, update existing features, or expose new application programming interfaces (APIs), their attack surface expands. FortiWeb keeps pace with the expanding threat landscape, ensuring organizations are always protected through advanced features that defend them against known and zero-day threats.

FortiWeb uses an advanced and multi-layered approach that provides protection against high-risk threats, such as the Open Web Application Security Project (OWASP) Top 10. It also uses machine learning to customize protection for each application and ensure robust protection without the time-consuming manual modifications that other solutions require.

This enables the identification of anomalous, benign, and malicious behavior, as well as the capability to block malicious bot activity.

FortiWeb protects business applications wherever they are hosted, with options for hardware appliances, containers, cloud environments, Software-as-a-Service (SaaS) solutions, and virtual machines.