A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. These scanners are used to discover the weaknesses of a given system: they identify and detect vulnerabilities arising from misconfigurations or flawed programming within a network-based asset such as a firewall, router, web server or application server. Modern vulnerability scanners allow for both authenticated and unauthenticated scans. They are typically available as software as a service (SaaS), provided over the internet and delivered as a web application. A modern scanner often lets users customize vulnerability reports, and the installed software, open ports, certificates and other host information it collects can be queried as part of its workflow.
* Authenticated scans allow the scanner to directly access network-based assets using remote administrative protocols such as Secure Shell (SSH) or Remote Desktop Protocol (RDP) and to authenticate using provided system credentials. This gives the scanner access to low-level data, such as specific services and configuration details of the host operating system, so it can provide detailed and accurate information about the operating system and installed software, including configuration issues and missing security patches.
* Unauthenticated scans can result in a high number of false positives and cannot provide detailed information about the asset's operating system and installed software. This method is typically used by threat actors or security analysts trying to determine the security posture of externally accessible assets.
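The difference between the two scan types, and where the false positives of the unauthenticated method come from, can be shown with a small added example (not from the article; the host, versions, package names and the EXAMPLE-0001 advisory id are all constructed). An unauthenticated check can only match the upstream version advertised in a service banner, while an authenticated check reads the installed package release from the host and can recognise a distribution that backported the fix without changing the upstream version string.

```python
"""Added example (not from the article): how an unauthenticated banner check and an
authenticated package check reach different conclusions about the same host.
All services, versions, advisory ids and package names below are constructed."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    vuln_id: str
    evidence: str
    confidence: str  # "low" when inferred from a banner, "high" when read from the host


# Constructed advisory data: upstream versions affected, and the distribution package
# release that carries the backported fix. "EXAMPLE-0001" is a placeholder id.
VULN_DB = [
    {"id": "EXAMPLE-0001", "service": "OpenSSH", "affected_upstream": {"7.4"},
     "package": "openssh-server", "fixed_release": 21},
]


def parse_banner(banner: str):
    """Product and upstream version from an SSH identification string such as
    'SSH-2.0-OpenSSH_7.4'. This is all an unauthenticated scan gets to see."""
    m = re.match(r"SSH-2\.0-(OpenSSH)_(\d+\.\d+)", banner)
    return (m.group(1), m.group(2)) if m else (None, None)


def package_release(pkg_version: str) -> int:
    """Distribution release number from a package version such as '7.4p1-21.example'
    (assumed layout: upstream version, '-', release number, '.', distro tag)."""
    return int(pkg_version.split("-", 1)[1].split(".", 1)[0])


def unauthenticated_assess(host: str, banner: str) -> list:
    """Match the banner's upstream version against the advisory list. A distribution
    that backported the fix still advertises the old upstream version, so this is
    where the false positives come from."""
    product, version = parse_banner(banner)
    return [Finding(host, v["id"], f"banner {banner!r}", "low")
            for v in VULN_DB
            if v["service"] == product and version in v["affected_upstream"]]


def authenticated_assess(host: str, installed: dict) -> list:
    """With credentials the scanner reads the package database and compares the
    installed release against the release that carries the fix."""
    findings = []
    for v in VULN_DB:
        pkg_version = installed.get(v["package"])
        if pkg_version is None:
            continue
        if package_release(pkg_version) < v["fixed_release"]:
            findings.append(Finding(
                host, v["id"],
                f"{v['package']} {pkg_version} is older than release {v['fixed_release']}",
                "high"))
    return findings


def banner_false_positives(host: str, banner: str, installed: dict) -> list:
    """Advisory ids reported by the banner check that the authenticated check clears."""
    confirmed = {f.vuln_id for f in authenticated_assess(host, installed)}
    return [f.vuln_id for f in unauthenticated_assess(host, banner)
            if f.vuln_id not in confirmed]


if __name__ == "__main__":
    host, banner = "192.0.2.10", "SSH-2.0-OpenSSH_7.4"   # constructed sample host
    patched = {"openssh-server": "7.4p1-21.example"}     # backported fix applied
    unpatched = {"openssh-server": "7.4p1-16.example"}   # behind the fixed release
    print("unauthenticated:", unauthenticated_assess(host, banner))
    print("authenticated (patched host):", authenticated_assess(host, patched))
    print("authenticated (unpatched host):", authenticated_assess(host, unpatched))
    print("banner-only false positives on patched host:",
          banner_false_positives(host, banner, patched))
```

Run against the patched sample host, the banner check raises EXAMPLE-0001 and the package check clears it; against the unpatched host both agree. The confidence field records which view a finding came from, which is what a reviewer of scan output needs to decide whether a result can be closed without logging in to verify it.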
Vulnerability scanners should be able to detect the risks in open-source dependencies. However, because developers often re-bundle open-source software (OSS), the same code appears in different dependencies, which impairs the performance of scanners and their ability to detect the vulnerable OSS.
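The following added example (not from the article; the packages, file paths and the vulnerable snippet are constructed) illustrates the re-bundling problem: a scanner that matches dependencies by declared name and version finds the library named in the advisory but misses a second package that vendored the same function under its own path, while a fingerprint computed over normalized source content finds both copies.

```python
"""Added example (not from the article): why matching vulnerable open-source code by
declared package name and version misses re-bundled copies, and how a content
fingerprint over normalized source catches them. All packages and code are constructed."""
import hashlib


def normalize_source(src: str) -> str:
    """Drop full-line comments and collapse all whitespace, so that a copy that was
    re-indented or annotated still fingerprints the same (assumed normalization rule,
    sufficient for this example; a real tool would tokenize the language)."""
    code_lines = [ln for ln in src.splitlines() if not ln.lstrip().startswith("#")]
    return " ".join(" ".join(code_lines).split())


def fingerprint(src: str) -> str:
    """SHA-256 over the normalized source text."""
    return hashlib.sha256(normalize_source(src).encode()).hexdigest()


# Constructed: the snippet an advisory says is vulnerable, shipped in "libparse" 1.2.
VULNERABLE_SNIPPET = """
def parse_header(line):
    key, value = line.split(':', 1)
    return key, value.strip()
"""

# Constructed dependency tree. "webtool" vendors the same function under its own path,
# re-indented with tabs and with a comment added; its manifest never mentions libparse.
PACKAGES = {
    "libparse": {"version": "1.2", "files": {"libparse/core.py": VULNERABLE_SNIPPET}},
    "webtool": {"version": "3.0", "files": {
        "webtool/_vendor/hdr.py":
            "# vendored from libparse\n"
            "def parse_header(line):\n"
            "\tkey, value = line.split(':', 1)\n"
            "\treturn key, value.strip()\n"}},
    "tinylog": {"version": "0.3", "files": {
        "tinylog/__init__.py": "def log(msg):\n    print(msg)\n"}},
}

# Constructed advisory data: the vulnerable name/version pair, and the fingerprint of
# the vulnerable code itself so copies can be recognised regardless of package name.
KNOWN_VULNERABLE_VERSIONS = {"libparse": {"1.2"}}
KNOWN_VULNERABLE_FINGERPRINTS = {fingerprint(VULNERABLE_SNIPPET): "libparse 1.2 parse_header"}


def manifest_matches(packages: dict) -> list:
    """Name/version matching: what a dependency scanner can do from a lockfile alone."""
    return sorted(name for name, meta in packages.items()
                  if meta["version"] in KNOWN_VULNERABLE_VERSIONS.get(name, set()))


def content_matches(packages: dict) -> dict:
    """Fingerprint every file and report which packages carry the vulnerable code,
    whatever the package is called. Returns {package: [(path, advisory label), ...]}."""
    hits = {}
    for name, meta in packages.items():
        for path, src in meta["files"].items():
            label = KNOWN_VULNERABLE_FINGERPRINTS.get(fingerprint(src))
            if label:
                hits.setdefault(name, []).append((path, label))
    return hits


if __name__ == "__main__":
    print("by manifest:", manifest_matches(PACKAGES))   # only libparse
    print("by content: ", content_matches(PACKAGES))    # libparse and webtool
```

The manifest pass reports only libparse; the content pass also reports webtool, whose vendored copy differs only in indentation and a comment. Content fingerprinting is more expensive, since every file in every dependency has to be hashed, which is the performance cost the paragraph above refers to.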
The CIS Critical Security Controls for Effective Cyber Defense designates continuous vulnerability scanning as a critical control for effective cyber defense.
See also
* Cybersecurity
* Browser security
* Computer emergency response team
* Information security
* Internet security
* Mobile security
* Dynamic application security testing
* Penetration testing
* Pentesting software toolkits
** OpenVAS
** Nessus
** Metasploit Project
** Snort
External links
* National Institute of Standards and Technology (NIST) publication of their Security Content Automation Protocol (SCAP) outline.