A vulnerability assessment is a thorough process in which we identify, quantify, and prioritize the vulnerabilities of your technological environment. This process may involve automated and manual techniques with varying degrees of rigor and an emphasis on comprehensive coverage. Using a risk-based approach, vulnerability assessments may target different layers of technology, the most common being host, network, and application-layer assessments.

Conducting vulnerability assessments help organizations identify vulnerabilities in their software and supporting infrastructure before a breach can take place. A "vulnerability" can be defined in two ways:

- A bug in code or a flaw in software design that can be exploited to cause harm.
- A gap in security procedures or a weakness in internal controls that when exploited results in a security breach.