Description
As a security architect, write a paper that addresses the questions below. Be sure to explain the process and steps you would use, as appropriate.
- What is the difference between software testing and website vulnerability and security assessments?
- How would you perform a website vulnerability and security assessment?
- How can you use planned attacks to identify vulnerabilities?
- How can you spot vulnerabilities in back-end systems and Structured Query Language (SQL) databases?
- How would you prepare a vulnerability and security assessment report?
Deliverables:
- Your paper should be 2-3 pages in length, not including the title and reference pages.
- You must include a minimum of two (2) credible sources and information from the module to support your writing. The Saudi Digital Library is a good source for resources.
- Your paper must follow Saudi Electronic University academic writing standards and APA style guidelines, as appropriate.
- You are strongly encouraged to submit all assignments to the Turnitin Originality Check prior to submitting them to your instructor for grading. If you are unsure how to submit an assignment to the Originality Check tool, review the Turnitin Originality Check Student Guide provided below.
- Similarity must not exceed 20%.

Explanation & Answer

Attached.
Running Head: WEBSITE SECURITY AND VULNERABILITY ASSESSMENT
Website Security and Vulnerability Assessment
Institutional Affiliation
Date
• What is the difference between software testing and website vulnerability and security assessments?
Software testing
Software testing is a process that is mostly used to execute an application or program with the intent of finding software bugs. However, software testing can also be described as the process of validating and verifying that an application or software program works the way it is expected to, that its implementation can be done with similar characteristics, and finally that it meets the organizational as well as the technical needs that guided its planning and development.
Website vulnerability
Website vulnerability is a general library of safety solutions, articles and guides that are meant to be essential and revealing resources on an array of web vulnerability kinds, including, but not limited to, SQL injection, cross-site scripting, CSRF injection and, finally, lack of transport layer weaknesses (Taylor, Mewett, Brass, & Doty, 2007).
Security assessments
The term security assessment generally refers to vulnerability assessment, which normally scans the company's infrastructure and locates vulnerabilities. With that assessment outcome, the technician is responsible for recommending ways to remedy the issues in the system. However, security assessment is the main object that contains vulnerability assessment. Finally, security assessment mainly looks at all features of the organization's security rather than just scanning the systems that are currently in place.
• How would you perform a website vulnerability and security assessment?
In order to perform a website vulnerability assessment, it is advisable that one is aware of and understands the goals of the target application, how it works, and the scope behind it. There are two steps included in performing a website vulnerability assessment: the first is to start with an automated scan. It is then followed by manual penetration testing, taking into consideration the outcomes as well as the website's complexity.
On the other side, in order to perform a security assessment you need to:
Step 1: Recognize the hazards. In order to spot hazards, you have to understand the difference between a 'hazard' and a 'risk'.
Step 2: Make up your mind about who might be harmed and how.
Step 3: Weigh up the risks and settle on control measures.
Step 4: Document your findings.
Step 5: Review your assessment and bring it up to date as and when needed.
• How can you use planned attacks to identify vulnerabilities?
If you are using planned attacks to identify vulnerabilities:
First, get to understand common attacks: this is because attacks on and around your network come in many varieties.
Secondly, inventory your vulnerabilities: here you need to establish a complete list of possible vulnerabilities.
Thirdly, make use of vulnerability scanning tools: most of the tools here exist to check the existing security condition of the network.
Finally, assess the risks: the different vulnerabilities that are present on the network normally represent possible costs, such as time, assets and also money, to the library.
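The two procedures above (the five-step security assessment and the four-step planned-attack approach) both end in weighing up risks and settling on control measures. The following added example, which is not part of the paper, makes that step concrete: a constructed vulnerability inventory is scored on a qualitative likelihood-times-impact scale (the 5x5 scale and its bands are an assumption, since the paper names no scoring scheme) and ranked so the documented findings lead with the highest risk.

```python
from dataclasses import dataclass

# Qualitative 5x5 scales. The paper names no scoring scheme; these values and the
# band thresholds below are an assumption chosen to make "weigh up the risks" concrete.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Finding:
    asset: str        # who or what might be harmed (step 2)
    weakness: str     # the hazard recognized in step 1
    likelihood: str   # key into LIKELIHOOD
    impact: str       # key into IMPACT
    control: str      # the control measure settled on in step 3


def risk_score(finding: Finding) -> int:
    """Likelihood x impact on the 1..25 scale."""
    return LIKELIHOOD[finding.likelihood] * IMPACT[finding.impact]


def risk_band(score: int) -> str:
    """Map a score to a band so the report can lead with the high items."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def prioritize(findings):
    """Return (score, band, finding) tuples, highest risk first (the order step 4 documents)."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(risk_score(f), risk_band(risk_score(f)), f) for f in ranked]


# Constructed inventory standing in for the "complete list of possible vulnerabilities".
INVENTORY = [
    Finding("internal wiki", "TLS 1.0 still enabled", "unlikely", "moderate",
            "disable legacy TLS versions"),
    Finding("customer portal", "SQL built from user input", "likely", "severe",
            "parameterized queries"),
    Finding("marketing site", "verbose error pages", "likely", "minor",
            "generic error page; log detail server-side"),
    Finding("admin VPN", "no multi-factor authentication", "possible", "major",
            "enforce MFA for admin accounts"),
]

if __name__ == "__main__":
    for score, band, f in prioritize(INVENTORY):
        print(f"{band:6} {score:2}  {f.asset}: {f.weakness} -> {f.control}")
```

Running the block prints the constructed inventory ranked high to low; the same ranked list is what a report's findings section should present, with the control measure recorded beside each item.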
• How can you spot vulnerabilities in back-end systems and Structured Query Language (SQL) databases?
When spotting vulnerabilities in back-end systems, you have to follow hyperlinks, test web forms automatically, design vulnerability tests, and finally check verbose logging and run-time errors.
On the other side, when spotting vulnerabilities in SQL databases, you have to identify which database system is operating and then perform these SQL injection procedures:
Time-based blind
Error-based
UNION query-based
Boolean-based blind
Stacked queries
Out-of-band
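To show what "spotting" looks like on the back-end side and on the database side, here is an added example that is not part of the paper. It pairs the code-review finding (a query spliced together from request input) with its hardened, parameterized form, and then reads constructed access-log lines for the injection families listed above, including the run-time error (HTTP 500) the paper says to watch for. The in-memory SQLite table, the log lines and the signature patterns are all assumptions constructed for the example; the patterns are review aids, not a complete rule set.

```python
import re
import sqlite3
from urllib.parse import unquote_plus


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the back-end database (not a real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The pattern a code review should flag: request input is spliced into the SQL
    text, so the input can change the query's structure instead of only its value."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the driver binds the value, so the query structure is fixed."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Illustrative signatures for the injection families listed in the paper (assumption:
# these are review aids for reading access logs, not a complete WAF rule set).
SQLI_FAMILIES = [
    ("stacked queries", re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I)),
    ("time-based blind", re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|waitfor\s+delay", re.I)),
    ("UNION query-based", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("error-based", re.compile(r"\b(extractvalue|updatexml|convert)\s*\(", re.I)),
    ("out-of-band", re.compile(r"\b(load_file|xp_dirtree|utl_http)\b", re.I)),
    ("boolean-based blind",
     re.compile(r"['\"]\s*(or|and)\s*['\"\d]\w*['\"]?\s*=\s*['\"\d]", re.I)),
]


def extract_request_target(log_line: str) -> str:
    """Pull the URL-decoded request target out of a common-log-format line."""
    m = re.search(r'"(?:GET|POST)\s+(\S+)\s+HTTP/', log_line)
    return unquote_plus(m.group(1)) if m else ""


def classify_sqli(log_line: str) -> list:
    """Return the families whose signatures match the request; [] for a benign line."""
    target = extract_request_target(log_line)
    return [name for name, pattern in SQLI_FAMILIES if pattern.search(target)]


# Constructed access-log lines; the second one also carries the run-time error (500)
# that verbose logging surfaces and that a reviewer should correlate with the request.
LOG_LINES = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /item?id=42 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] '
    '"GET /item?id=42+UNION+SELECT+username,role+FROM+users HTTP/1.1" 500 88',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] '
    '"GET /item?id=42%27+AND+SLEEP%285%29-- HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] '
    '"GET /login?user=x%27+OR+%271%27%3D%271 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    conn = make_demo_db()
    probe = "x' OR '1'='1"  # constructed tautology input used only to contrast the two lookups
    print("vulnerable:", lookup_user_vulnerable(conn, probe))  # both rows come back
    print("safe:      ", lookup_user_safe(conn, probe))        # no rows
    for line in LOG_LINES:
        print(classify_sqli(line) or ["benign"], extract_request_target(line))
```

The contrast between the two lookups is the finding to write up: the remedy is the parameterized form, and the log classifier is how the same weakness shows up in verbose logging after the fact. The signature list is deliberately small; production detection belongs in a maintained rule set, with the classifier's output used to decide which back-end code paths deserve a manual review.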
• How would you prepare a vulnerability and security assessment report?
Preparing vulnerability report
Title: in each vulnerability report this is the first thing expected by the client; the title should shed some light on the specific vulnerability.
Understand the audience: this is because someone is going to read the report and then try to act on it, so it is good to create a submission that is purposeful, clear and provides an actionable conclusion (Doupé, Cova, & Vigna, 2010).
Be clear: most of the time, clear communication provides a high chance of being understood by the audience.
Have a purpose: this is because communication that has no purpose is more likely to be frustrating to the recipient.
Have an action: it is good to have some action in your communication so that your reader can walk away with an idea of what they are expected to do.
URL: this is the area where most clients focus while trying to validate the submission.
Replication steps: the steps here should be thorough (Zhao & Zhao, 2010).
On the other side, when preparing a security assessment you should:
Examine the data collected in the security assessment in order to identify relevant issues.
Prioritize your ...
