Vulnerability scanner
| This article is part of a series on |
| Information security |
|---|
| Related security categories |
| Threats |
| Defenses |
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for known weaknesses. In plain words, these scanners are used to discover the weak points or poorly constructed parts. It's utilized for the identification and detection of vulnerabilities relating to mis-configured assets or flawed software that resides on a network-based asset such as a firewall, router, web server, application server, etc. Modern vulnerability scanners will allow for both authenticated and unauthenticated scans to occur. Modern scanners are typically available as SaaS (Software as a Service) by providers over the internet as a web application and the amount of host information is vast. The modern vulnerability scanner has the capabilities to customize vulnerability reports, installed software, open ports, certificates and much other host information that can be queried by users to increase network security.
- Authenticated scans allow for the scanner to directly access network based assets using remote administrative protocols such as secure shell (SSH) or remote desktop protocol (RDP) and authenticate using provided system credentials. This allows the vulnerability scanner to access low-level data, such as specific services and configuration details of the host operating system. It's then able to provide detailed and accurate information about the operating system and installed software, including configuration issues and missing security patches.[1]
- Unauthenticated scans is a method that can result in a high number of false positives and is unable to provide detailed information about the assets operating system and installed software. This method is typically used by threat actors or security analyst trying determine the security posture of externally accessible assets.[1]
The CIS Critical Security Controls for Effective Cyber Defense designates continuous vulnerability scanning as a critical control for effective cyber defense.
Types
| Part of a server log, showing attempts by a scanner to find the administration page. | |
|---|---|
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/db/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/myadmin/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/webadmin/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/dbweb/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/websql/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/webdb/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/dbadmin/main.php HTTP/1.0" 404 - "-" "-" 220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/db-admin/main.php HTTP/1.0" 404 - "-" "-" (..) | |
- Port scanner (e.g. Nmap)
- Network vulnerability scanner (e.g. Nessus, Qualys, SAINT, OpenVAS, INFRA Security Scanner, Nexpose, edgescan)
- Web application security scanner (e.g. Probe.ly, Nikto, Qualys, Sucuri, High-Tech Bridge, Burp Suite, OWASP ZAP, w3af, edgescan)
- Database security scanner
- Host based vulnerability scanner (Lynis)
- ERP security scanner
- Single vulnerability tests
See also
References
- 1 2 National Institute of Standards and Technology (September 2008). "Technical Guide to Information Security Testing and Assessment" (PDF). NIST. Retrieved 2017-10-05.
www,info,com
External links
- Web Application Vulnerability Scanning Tools, list at OWASP
- Twenty Critical Security Controls for Effective Cyber Defense from Center for Internet Security
- National Institute of Standards and Technology (NIST) Publication of their Security Content Automation Protocol (SCAP) outline.
- Modern Vulnerability Scanners Examples.(Probe.ly, Qualys, Tenable, HackerTarget,NexPose,OpenVAS)