1
00:00:00,240 --> 00:00:05,140
Let us have a look at the importance of vulnerability assessment.

2
00:00:05,820 --> 00:00:11,850
Yes, it is important for the security of the organization, but again, I would like to ask the question

3
00:00:12,150 --> 00:00:20,970
why. Security researchers, bug bounty programs and product vendors are discovering and reporting new

4
00:00:20,970 --> 00:00:22,350
vulnerabilities daily.

5
00:00:23,010 --> 00:00:30,720
Now, these vulnerabilities are frequently caused by either coding errors or by misconfigurations.

6
00:00:31,170 --> 00:00:31,920
Now, coding

7
00:00:31,920 --> 00:00:37,740
errors include the failure to check the user input, which allows the attackers to improperly access

8
00:00:37,740 --> 00:00:39,660
the system, memory or data.

9
00:00:40,350 --> 00:00:42,430
Well, you must be curious how this happened.

10
00:00:42,440 --> 00:00:50,160
So we are going to see in the ethical hacking section. Now, the WannaCry attack, which we had discussed

11
00:00:50,160 --> 00:00:52,200
in the history of cyber security part.

12
00:00:52,200 --> 00:00:59,160
If you remember, it was a massive ransomware attack affecting organizations around the globe and it

13
00:00:59,160 --> 00:01:08,460
targeted the EternalBlue vulnerability, which was first reported on April 14, 2017, before being

14
00:01:08,460 --> 00:01:10,860
used in the WannaCry attack on May 12.

15
00:01:10,890 --> 00:01:18,120
So within a span of one month, almost all these organizations did have the time to patch.

16
00:01:18,750 --> 00:01:19,140
Right.

17
00:01:19,260 --> 00:01:21,360
But did they patch the vulnerability?

18
00:01:21,510 --> 00:01:21,960
No.

19
00:01:22,200 --> 00:01:29,610
And on May 12, the attack was carried out and hundreds and thousands of computers were compromised.

20
00:01:30,720 --> 00:01:36,630
That is why vulnerability assessment informs organizations on the weaknesses present in their environment.

21
00:01:37,570 --> 00:01:44,620
It provides a way to detect and resolve the security problems by ranking the vulnerabilities before

22
00:01:44,620 --> 00:01:46,100
someone can exploit them.

23
00:01:46,630 --> 00:01:53,290
So that is what I was saying in the last lecture, is that the organizations hire experts, third party

24
00:01:53,290 --> 00:01:59,650
experts, to identify the weaknesses for them so that a bad actor won't identify.

25
00:02:01,410 --> 00:02:08,850
For organizations, you know, seeking to reduce their security risk, a vulnerability assessment is a good

26
00:02:08,850 --> 00:02:14,730
place to start. Operating systems are there, networks are there, the applications are there.

27
00:02:14,970 --> 00:02:22,350
So these are scanned in order to identify the root of vulnerabilities which can be found out by different

28
00:02:22,350 --> 00:02:25,350
ethical hackers and a team of security experts.

29
00:02:26,310 --> 00:02:31,420
Again, it also helps in identifying the threats and weaknesses at the earliest.

30
00:02:31,740 --> 00:02:40,250
As I said on May 12, the first one on April 14th, the first vulnerability that EternalBlue was identified.

31
00:02:40,500 --> 00:02:46,420
And after that, after almost a span of one month, the entire attack of WannaCry was carried out.

32
00:02:46,740 --> 00:02:54,540
So those organizations that had already patched the vulnerabilities after it was reported were saved from the

33
00:02:54,540 --> 00:02:54,900
attack.

34
00:02:54,900 --> 00:02:59,660
But those who didn't feel and therefore their systems got compromised.

35
00:03:01,610 --> 00:03:09,410
Vulnerability assessment does provide a thorough, inclusive assessment of hardware and software assets identifying

36
00:03:09,410 --> 00:03:14,500
different vulnerabilities, and it provides a different risk score for each vulnerability.

37
00:03:15,410 --> 00:03:22,520
Now, a regular assessment program assists organizations with managing the risk in the face of an ever

38
00:03:22,520 --> 00:03:29,390
evolving threat environment, identifying and scoring vulnerabilities so that attackers do not catch the

39
00:03:29,390 --> 00:03:30,980
organizations unprepared.

40
00:03:32,360 --> 00:03:35,270
That is why vulnerability

41
00:03:35,270 --> 00:03:38,580
assessment is very important. In the next lecture,

42
00:03:38,600 --> 00:03:44,540
we are going to talk about the 10 steps of vulnerability assessment, which you need to keep in your

43
00:03:44,540 --> 00:03:50,420
mind, because if anyone asks you during your interviews or, you know, if you are saying you have

44
00:03:50,420 --> 00:03:56,870
done cybersecurity, you must understand the 10 basic steps of vulnerability assessment.

45
00:03:57,500 --> 00:03:58,040
All right.

46
00:03:58,230 --> 00:03:59,660
Keep the momentum going.

47
00:03:59,660 --> 00:04:01,930
I will see you in the next lecture.