Vulnerability analysis

Once you have defined the threats that could lead to compromise, it's time to discover what vulnerabilities exist for those threats. In the vulnerability analysis phase, you start to discover vulnerabilities in systems and how you can act upon those by using exploits. 

Here, you will perform either active or passive analysis. Keep in mind that any failed exploits can lead to detection.

Active vulnerability analysis can consist of the following:

• Network scanners
• Web application scanners
• Automated scanners

Passive vulnerability analysis can consist of the following:

• Monitoring traffic
• Metadata

There are many vulnerability scanners that exist today. For example, the more commonly used one is Nessus, but there are many others, such as OpenVAS, Nikto, and QualysGuard.