Please Paraphrase the below
How can you use planned attacks to identify vulnerabilities?
If you are using planned attacks in identifying vulnerabilities:
First get to understand common attacks: this is because attacks on as well as around your network emerge in various varieties.
Secondly, inventory your vulnerabilities: here you are needed to establish a complete list of possible vulnerabilities.
Thirdly, make use of vulnerability scanning tools: most of the tools here are exist on checking the existing security condition of the network.
The finally, assess the risks: the different vulnerabilities which are available on network normally represent possible costs such as time, assets and also money to the library.
• How can you spot vulnerabilities in back-end systems and Structured Query Language (SQL) databases?
In spotting vulnerabilities in back-end systems you have to follow hyperlinks, test web forms automatically, design vulnerability test, then finally verbose logging and run-time errors.
While on the other side spotting in (SQL) databases you have to identify the system of the database is operating then perform these SQL injection procedures
Time-based blind
Error-based
UNION query-based
Boolean-based blind
Stacked queries
Out-of-band
• How would you prepare a vulnerability and security assessment report?
Preparing vulnerability report
Title: in each vulnerability report this is the initial things expected by the client, however, the title should shine some brightness on the certain vulnerability.
Understand the audience: this is because there is someone who is going to read it then try to act on it, thus it is good to create a submission that is purposeful, clear and provides an actionable conclusion (Doupé, Cova, & Vigna, 2010).
Be clears: in most of the time, a clear communication normally provides high chances of being understood by the audience.
Have a purpose: this is because that communication which has no purpose is more likely to be frustrating to the recipient.
Have an action: it is good to have some action in your communication so that your reader can walk away with ideas of what they expect to do.
URL: this is the area where most of the clients focus while trying to validate the submission.
Replication steps: the steps here should be thorough (Zhao, & Zhao, 2010).
While on the other side, preparing security assessment you should;
Examine the data collected in the security assessment on the way to identify relevant issues.
Prioritize your risks as well as observations; invent remediation steps.
File the segments of the description detailing the assessment scope as well as methodology.
File the segments of the report recounting your results and recommendations.
Attach related figures as well as raw data to sustain the major body report.
Create executive summary to highlight the key findings and recommendations.