A vulnerability assessment is the testing process used to identify and assign severity levels to as many security defects as possible in a given timeframe. This process may involve automated and manual techniques with varying degrees of rigor and an emphasis on comprehensive coverage. Using a risk-based approach, vulnerability assessments may target different layers of technology, the most common being host-, network-, and application-layer assessments.
Conducting vulnerability assessments help organizations identify vulnerabilities in their software and supporting infrastructure before a compromise can take place.
A vulnerability can be defined in two ways: