Vulnerability assessments are necessary for discovering potential vulnerabilities
throughout the environment. There are many tools available that automate this
process so that even an inexperienced security professional or administrator can
effectively determine the security posture of their environment. Depending on scope,
additional manual testing may also be required. Full exploitation of systems and
services is not generally in scope for a normal vulnerability assessment engagement.
Systems are typically enumerated and evaluated for vulnerabilities, and testing can
often be done with or without authentication. Most vulnerability management and
scanning solutions provide actionable reports that detail mitigation strategies such as
applying missing patches, or correcting insecure system configurations.
