Software defined networking (SDN) is the technology that has changed the design and deployment architecture of networks with its benefits like centralization, application awareness, programmability and so forth. But security is one aspect, which needs to be continuously revised according to the new vulnerabilities or bugs found in the network.In this article, penetration testing or vulnerability assessment has been performed on ONOS SDN controller with both single and clustered controller environments. Penetration testing has been performed using DELTA framework, which is solely built for SDN. Apart from using DELTA, python scripting and some popular DDoS tools like Hping3, Nping and Xerxes, are used to perform DDoS (TCP SYN and HTTP) vulnerability assessment. A total of 13 known and unknown vulnerabilities were found with impact of six each listed in high, and medium, while one vulnerability has low-impact.The impact level is measured using common vulnerability scoring system (CVSS) 3.1.Vulnerabilities have been found on the ONOS deployments with default parameters and results achieved can be used to strengthen the security of ONOS SDN controller.Our research puts major emphasis on finding both known and unknown vulnerabilities in ONOS SDN controller and their countermeasures to prevent or mitigate these vulnerabilities.