In this week's session, we were taught about the next step of penetration testing, Vulnerability Mapping, which basically means scanning the server for the vulnerabilities that are present and finding where we can exploit them.

Theoretically, vulnerabilities can be classified into several types: Design Vulnerabilities, Implementation Vulnerabilities, Operational Vulnerabilities, Local Vulnerabilities, and Remote Vulnerabilities. Design Vulnerabilities are found in the software or protocol specifications. Implementation Vulnerabilities are found in the code. Operational Vulnerabilities arise from improper configuration and deployment of a target in an environment. Local and Remote Vulnerabilities, in turn, differ based on location.

In practice, we can use tools for Vulnerability Mapping such as OpenVAS, sqlmap, and Metasploit.