Vulnerability/threat assessment must be continuous because assets change dynamically and cyber threats change unexpectedly. To detect these vulnerabilities, we must continuously run automated vulnerability/threat assessments that inform the organization of the level of vulnerability of each asset. Vulnerabilities are known threats that must be mitigated as we find them, before they become threats to the assets. Various vulnerability scanners should be used to automate vulnerability scanning on a continuous basis. Unlike zero-day attacks, these vulnerabilities are known, so we must remove them from your networks as quickly as possible. Network, computer and application vulnerabilities must all be scanned continuously. Application vulnerabilities include spoofing identity, integrity threats, information disclosures, elevation of privileges, backdoors, buffer overflows, URL rewriting, predictable credentials, hidden fields, cross-site scripting, parameter tampering, cookie poisoning, session cloning and hijacking, input manipulation, direct access browsing, and improper web server configuration.
Vulnerabilities typically fall into defined categories as follows, and are reported accordingly upon discovery: