How to Scan For Vulnerabilities | FREE Short Course

Motasem Hamdan
3 min readSep 7, 2024


In this short course, we covered vulnerability scanning and management in cyber security, along with the tools used to scan for vulnerabilities such as Nmap, Metasploit, OpenVAS, Nikto and OWASP ZAP.

Table of Contents

– Intro to Vulnerability Scanning in Cyber Security

– Vulnerability Scanning with nmap

– Vulnerability Scanning with Metasploit

– Vulnerability Scanning with Nessus

– Vulnerability Scanning with OWASP ZAP

– Vulnerability Scanning with Nikto

– Vulnerability Scanning with OpenVAS

– Vulnerability Management LifeCycle

Please watch the video at the bottom for a full, detailed explanation of the walkthrough.

Vulnerability Scanning

The process of using a computer program (a vulnerability scanner) to find vulnerabilities in networks, computer infrastructure, or applications.

Identifying Assets
The next step is to identify the systems that will be covered by the vulnerability scans. Some organizations choose to cover all systems in their scanning process, whereas others scan systems differently (or not at all) depending on the classification of data stored on these systems, whether the system is internal or exposed to the internet, the services running on the system, and the nature of the system (used for production, development or testing).

Determining the scanning frequency
Organizations can designate a schedule that meets their security, compliance, and business requirements. The scans should also be configured to provide automated alerting, such as email reports, when they detect new vulnerabilities.

Active vs Passive Scanning

Most vulnerability scanning tools perform active vulnerability scanning, meaning that the tool actually interacts with the scanned host to identify open services and check for possible vulnerabilities.

Active scanning does provide high-quality results, but those results come with drawbacks: the scans are noisy and easily detected by system administrators and IDS/IPS. Additionally, active scanning may inadvertently exploit vulnerabilities and so interfere with the function of a production system.

Passive vulnerability scanning takes a different approach that supplements active scans. Instead of probing systems for vulnerabilities, passive scanners monitor the network, similar to the technique used by intrusion detection systems. But instead of watching for intrusion attempts, they look for the telltale signatures of outdated systems and applications. Passive scanning is only capable of detecting vulnerabilities that are reflected in network traffic. It is not a replacement for active scanning, but it is a very strong complement to periodic active vulnerability scans.
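As an added illustration of the passive approach (example code written for this article, not from the course or from any of the tools it covers), the following Python reads banners a network sensor has already observed and flags hosts whose advertised software is older than a baseline. Both the banner lines and the minimum-version thresholds are constructed sample values, not a real vulnerability database.

```python
import re

# Constructed sample of (host, protocol, banner) tuples as a passive sensor
# might extract them from observed traffic; not real capture data.
OBSERVED_BANNERS = [
    ("10.0.0.5", "http", "Server: Apache/2.2.15 (CentOS)"),
    ("10.0.0.5", "ssh", "SSH-2.0-OpenSSH_5.3"),
    ("10.0.0.9", "http", "Server: nginx/1.24.0"),
    ("10.0.0.9", "ssh", "SSH-2.0-OpenSSH_9.6"),
    ("10.0.0.12", "http", "Server: Microsoft-IIS/10.0"),
]

# Constructed baseline: the oldest version the organisation still accepts.
# Hypothetical policy values for illustration, not a vulnerability database.
MINIMUM_VERSIONS = {"apache": (2, 4, 0), "openssh": (8, 0), "nginx": (1, 20, 0)}

BANNER_PATTERNS = [
    re.compile(r"Server:\s*(?P<product>Apache|nginx)/(?P<version>[\d.]+)", re.I),
    re.compile(r"SSH-2\.0-(?P<product>OpenSSH)_(?P<version>[\d.]+)", re.I),
]

def parse_version(text):
    """Turn '2.2.15' into (2, 2, 15) so versions compare numerically."""
    return tuple(int(p) for p in text.strip(".").split("."))

def parse_banner(banner):
    """Return (product, version_tuple), or None for an unrecognised banner."""
    for pat in BANNER_PATTERNS:
        m = pat.search(banner)
        if m:
            return m.group("product").lower(), parse_version(m.group("version"))
    return None

def find_outdated(observations):
    """Flag hosts advertising software older than the baseline.

    Purely passive: nothing is probed, only banners already on the wire are
    read. Software with no baseline entry is skipped rather than guessed at.
    """
    findings = []
    for host, proto, banner in observations:
        parsed = parse_banner(banner)
        if parsed is None:
            continue
        product, version = parsed
        minimum = MINIMUM_VERSIONS.get(product)
        if minimum and version < minimum:
            findings.append((host, proto, product, ".".join(map(str, version))))
    return findings
```

Note that the IIS host produces no finding at all: a passive check can only speak about software it recognises in traffic, which is exactly the limitation described above.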

Vulnerability Exploitation

Once you have conducted your initial survey of a target, including mapping out a full list of targets and probing them to identify potential vulnerabilities and weaknesses, the next step is to analyze that data to identify which targets you will prioritize, what exploits you will attempt, and how you will access systems and devices that you have compromised. In most cases, you will target the most vulnerable systems for initial exploits to gain a foothold that may provide further access. Not every vulnerability has exploit code released, and even when exploit code is released, it can vary in quality and availability.

Commercial Vulnerability scanners

  • Nessus: Full Vulnerability Scanner
  • Nexpose: Full Vulnerability Scanner
  • Acunetix: Full Vulnerability Scanner
  • Qualys: Full Vulnerability Scanner

Open Source Vulnerability scanners

  • OWASP ZAP: Web Application Scanner
  • OpenVAS: Web Application Scanner
  • Nikto: Web Application Scanner
  • Wapiti: Web Application Scanner
  • SQLmap: Database Vulnerability Scanner

Full Video Course



Written by Motasem Hamdan

Motasem Hamdan is a content creator and swimmer who creates cyber security training videos and articles. https://www.youtube.com/@MotasemHamdan