Vulnerability scans and penetration tests can help security analysts best identify the major gaps in their network so that they can mitigate them and make their environment more secure
Many organizations have vulnerability management teams to best assess the integrity of their security controls and security gaps which helps identify the risks present. The best way to understand the different gaps within your environment is by performing scans/penetration tests on both the internal and external environments. By going at Drexel’s environment with two different perspectives, a student at the university who wants to increase their privilege, and as an external attacker that wants to gain access to Drexel’s resources, we can best understand the vulnerabilities present in Drexel’s environment.
After collecting all the data from the scans and tests we will be able to create metrics and displays that show all the vulnerabilities found and highlight the 5-10 most severe. Along with pulling resources from MITRE ATT&CK will we be able to create a report on best practices and mitigation techniques to reduce the risks found from our vulnerability assessment, ultimately making Drexel’s environment more secure.