Vulnerability testing is the process of identifying vulnerabilities within a system. This could be a software system, a physical system, or even a mechanical system, and the testing can be targeted at components that are technical, physical, or even administrative in nature. A vulnerability test is much like a risk assessment: the assets being tested are indexed and assigned a value, vulnerabilities are then identified in terms of explicit issues or potential threats, and the process concludes with a list of mitigations that could be employed to reduce the potential for exploitation.

Automated tools exist for testing vulnerabilities in applications and infrastructure components, looking for typical issues such as the potential for buffer overruns, SQL injection attacks, and cross-site scripting attacks. Depending on the level of assurance you require, you might want to conduct code-level analysis of your bespoke application and, in many cases, outsource the vulnerability analysis to a third-party company that specializes in this kind of assessment. Tools such as Nexpose, Nessus, and OpenVAS are great places to start for covering all the basic vulnerabilities that software systems can contain.