Vulnerability testing
Conducting a vulnerability assessment is an important step that must be taken in order to find security weaknesses in an application, a network, or even an organization. These assessments can be carried out regularly throughout the firm using software that is designed to do automatic scanning. It is recommended that these scans are done on a regular basis to ensure any newly reported vulnerability is scoped into the latest scan and that the organization stays protected from that threat. The frequency of these scans should be defined by the blue team, keeping in mind the complexity of the organization and the frequency of changes that are deployed.
There are various tools available that offer a breadth of capabilities and features. As with any other product, they should be carefully selected and tested within the organization’s test environment before being deployed in the production setup. Some of these products focus on application-level scans, and...