Once you’ve put your security measures in place, you need to make sure they’re actually protecting your assets. As discussed in Chapter 6, complying with laws and regulations doesn’t actually mean you’re secure. Since that’s the case, how can you assess the true level of your security? You have two primary vehicles for doing so: vulnerability assessment and penetration testing. In this chapter, I’ll discuss these two methods.
A vulnerability assessment is a process that uses a specially designed tool to scan for vulnerabilities. Two common vulnerability assessment tools are Qualys and Nessus. To create ...