Common vulnerability assessment types

Dimitar Kostadinov
December 9, 2020 by
Dimitar Kostadinov

A vulnerability assessment is a process so complicated that it often requires a comprehensive approach. This would mean that a multiple sub-assessments are to be executed – each of which spanning different areas within the evaluated organization’s IT system – in order the final analysis to be exhaustive enough to produce meaningful results.

Host vulnerability assessment

Network hosts like workstations and servers may contain vulnerabilities. This assessment focuses on the services and ports, and it may overlap – in whole or in part – with the network-based assessment.

Popular security omissions in this category are configuration errors, false file permissions and incorrect registries. There are quite a few commercial and open-source tools that can be used in this field.

Learn Vulnerability Assessments

Learn Vulnerability Assessments

Seven courses build the skills needed to perform a custom vulnerability assessment for any computer system, application or network.

Network and wireless vulnerability assessment

This type of assessment reveals how susceptible an organization is to Internet/Intranet attacks and whether a hacker can gain access to sensitive information. These assessments can intermingle its components with those of the application vulnerability assessment and host-based security assessment.

Here is a simple 6-step plan to assess your network security:

Step 1: Understand how your business is organized

Step 2: Locate all the relevant applications and data

Step 3: Search for hidden data sources that may expose you to a data leak

Step 4: Identify both virtual and physical servers that run applications necessary for your business operations

Step 5: Keep track of all security measures that are already in place

Step 6: Scan your network for vulnerabilities

Scanners usually inspect all services running through the open ports to determine whether any vulnerabilities are present or not. Network assessment specialists use scanners such as Nexus to discover weak authentication, weak encryption, unnecessary services and missing patches on firewalls and networks. Many network scanners are designed to work pursuant to a technique called “Stack Fingerprinting” where the scanner identifies characteristics of the TCP/IP stack on a remote host.

A network assessment can include the following tests:

  • Examine network topologies for incorrect firewall configuration
  • Check whether database servers are properly configured
  • Review the filtering rules of the router
  • Revise the HTML source code for giving out more information than necessary

Under scrutiny are practices and policies that preclude unauthorized access to network-accessible resources of every kind, both public and private networks in particular. It is also worth noting in the same context that a network-based vulnerability assessment can ascertain whether the organization is prepared to face common social engineering threats.

Once the tools are able to map the entire Wi-Fi spectrum, then they can proceed to check the reliability of the end-to-end connectivity. A wide array of information can be delivered once the assessment is ready: RF Coverage Maps, RF Analysis, Capacity Plan, Channel Plan, Access Point installation recommendations, if physical structures impede radio transmission, etc.

Unlike its former predecessors, wireless networks of today have been equipped with good data encryption mechanisms. Do organizations use them all the time? No, not at all. For that reason alone, an evaluation of the wireless authentication mechanisms is necessary.

Rogue networks that exist within the company’s IT perimeter may threaten its security foundations. Tests wiretap the network traffic to attempt to crack encryption keys, among other things. Here is an example of several popular items that should be on the list:

  • Check patches on the server and external network devices
  • Perform tests on detection mechanisms in place (e.g., firewalls, IDS and application layer security system)
  • Scan for security problems web applications such as e-commerce shopping cart software

Database vulnerability assessment

Databases and Big Data systems often suffer from misconfigurations, as well as missing patches, weak passwords and default vendor accounts.

Some popular detection methods in the context of a database vulnerability assessment are agent-based scanning, database scanning and dynamic monitoring.

Examined are potential exploits like:

  • file permissions and external database configuration files
  • sharing privileged credentials
  • unprotected or duplicate sensitive information such as credit card numbers, social security numbers, proprietary data, trade secrets and so on

Regular check-ups would likely prevent SQL injection and other command injection attacks, among other things.

Cloud-based vulnerability assessment

Platforms in the cloud environment such as WordPress, Joomla and web applications may also suffer from security flaws.

Each cloud environment could actually be evaluated with a one-stop solution for a centralized control over network security management that has the capability to perform vulnerability assessment checks, report and mitigate issues, and ensure general adherence to processes and guidelines.

Application vulnerability assessment

Vulnerabilities are often to be found in applications created and managed by third-party vendors. All in all, being often poorly tested, web applications suffer from lots of vulnerabilities. One example of that is incorrect configurations of the application and its source code. The good news is that many software flaws can easily be remediated once identified.  

The transactional web applications are understandably most targeted, but the assessment should pick a more comprehensive approach that spans traditional client-server applications and hybrid systems. Tools test for known vulnerabilities, outdated content and any other misconfiguration. An automated scan and a dynamic and static analysis of code is the way to go.

Before arriving to the final conclusion, one should try to find a meaningful answer to these questions:

Who is most likely to pose a potential threat? 

What kind of data are you trying to protect?

What does your application’s attack surface look like?

Where have you struggled with application-related security issues in the past? 

The process of vulnerability assessment identifies, classifies and prioritizes security loopholes within an IT system. At the end of the assessment, all applications are to be classified based on the likely impact the application would cause during a cybersecurity accident. Despite that classification strategies are usually organization-specific, regulatory compliance should be taken into account as well. In fact, every assessment is a step that will make sure your app abides by cybersecurity laws. An example of a classification of applications is:

  • Critical applications (Highly-sensitive data)
  • Important applications (Sensitive data)
  • Strategic applications (Confidential data)
  • Internal support applications (Private data)
  • General support applications (Public data)

Physical security assessment

Often neglected, this type of assessment determines whether common physical attacks can overcome existing physical and environmental controls.

It may include a thorough review of current policies, interviews with key staff and a visit to the IT site, the compound and other essential facilities to evaluate all environmental controls. 

Other types of vulnerability assessments

Active assessment

The use of active network scanners is a good way to unobtrusively identify hosts, services and their respective vulnerabilities that exist in a given network.

Passive assessment

A process that excels in remotely analyzing the traffic that runs on the network to map out active systems, applications, other network services, as well as users who have recently been on the network.

If properly designed and configured, a host-based scanner that performs passive network monitoring would have no impact on endpoint performance.

External assessment

It can be useful to see your system through the eyes of a cybercriminal. That is the main point of this type of assessment as it focuses on the exploits accessible to the outside world. It can encompass routers, firewalls, servers and other external devices.

Learn Vulnerability Management

Learn Vulnerability Management

Get hands-on experience with dozens of courses covering vulnerability assessments, tools, management and more.


With the help or such a great variety of vulnerability assessment types, each organization can tailor this process to meet security compliance standards set out in different laws, such as GDPR, PCI DSS, HIPAA, etc. 

To stay compliant is one thing, but conducting various vulnerability assessments is something that every respectable organization needs to do on a regular basis.



  1. 17 Best Vulnerability Assessment Scanning Tools, phoenixNAP
  2. A Comprehensive Guide to Network Vulnerability Assessment, ScienceSoft USA Corporation
  3. A Guide to Application Security Assessments, LBMC
  4. Application Security Risk: Assessment and Modeling, ISACA
  6. Explore Vulnerability Assessment Types and Methodology, Indusface
  7. Host-based Versus Network-based Security, Netsurion
  8. Let's talk about wireless connectivity., WEI
  9. Network Vulnerability Assessment | 6 Vital Steps, The SolarWinds MSP
  10. Security Assessments, Carnegie Mellon University
  11. The Difference Between Vulnerability Assessment and Vulnerability Management, Reciprocity
  12. Vulnerability Assessments Top 8 Most Useful, Infosavvy
  13. Vulnerability Assessment: Security Scanning Process, PenTest Magazine
  14. What Is a Vulnerability Assessment? And How to Conduct One, Upgard
  15. What Is a Vulnerability Assessment?, EC-Council University
  16. What is Vulnerability Assessment? Its Importance, Types and Procedure, ICSS.
Dimitar Kostadinov
Dimitar Kostadinov

Dimitar Kostadinov applied for a 6-year Master’s program in Bulgarian and European Law at the University of Ruse, and was enrolled in 2002 following high school. He obtained a Master degree in 2009. From 2008-2012, Dimitar held a job as data entry & research for the American company Law Seminars International and its Bulgarian-Slovenian business partner DATA LAB. In 2011, he was admitted Law and Politics of International Security to Vrije Universiteit Amsterdam, the Netherlands, graduating in August of 2012. Dimitar also holds an LL.M. diploma in Intellectual Property Rights & ICT Law from KU Leuven (Brussels, Belgium). Besides legal studies, he is particularly interested in Internet of Things, Big Data, privacy & data protection, electronic contracts, electronic business, electronic media, telecoms, and cybercrime. Dimitar attended the 6th Annual Internet of Things European summit organized by Forum Europe in Brussels.