Questions tagged [vulnerability-scanners]

A piece of software and or hardware designed to detect the presence of vulnerabilities in an IT system.

395 questions
1 vote, 3 answers

Vulnerability scanner shows SQL errors were disclosed. How severe is it?

When I scanned my site for vulnerabilities I found this error: "Various SQL errors were disclosed within the application source code or other files." I have checked for SQL injection and confirmed that it's not injectable. So how severe is this…
1 vote, 1 answer

How do I verify versions of Adobe?

I ran a vulnerability scan against a server and it is pulling back a lot of Adobe vulnerabilities. I ran a Wireshark capture on the scan but I can't seem to write up a Wireshark filter on the packets. Does anyone know how to look for the versions of…
n_hov
1 vote, 2 answers

TCP / UDP port monitoring programs for Mac?

Does anyone know of a free and effective port monitor for Mac? Also, can a layman, in relatively short order, learn to use such software to detect and thus prevent unauthorized remote access/control of their system?
1 vote, 1 answer

Pre-installed OpenVAS, lightweight Linux

Is there any pre-installed lightweight OpenVAS Linux distribution, or any lightweight Linux on which OpenVAS has been tested and works properly? I have used BackTrack (Ubuntu version); it is not a lightweight Linux, with all that…
user13934
1 vote, 1 answer

My site with Joomla 1.5.14 got defaced and I'd like to know how he did it and stop it

I am supposed to manage the content of a site and it got defaced. The site is hosted on a Linux server running Apache. Apache version: 2.2.13. Linux version is Debian 4.0 (I think; I don't really have access to anything more than an FTP account and…
Para
1 vote, 2 answers

Vulnerability scan scheduling approach on demand versus change?

I have a question regarding scheduling a vulnerability scanning and assessment exercise. I'm in the process of laying out a schedule for vulnerability scans. I'm wondering when and why to initiate the scan in the first place: what conditions should…
Saladin
1 vote, 1 answer

How do you de-duplicate security risk findings obtained from various different tools?

You potentially use a variety of scanners and processes (e.g. threat modelling) which produce a set of overlapping outputs. How do you avoid repeated findings which are duplicated across toolsets?
1 vote, 0 answers

Scan SG350-28 with Nessus credentialed checks

I have 4 SG350 (SG350-28 28-Port Gigabit Managed Switch) switches. I need to be able to do credentialed scans of the switches. The problem is that when I try to scan, it will not connect to port 22; from the log output it does not look like it is even…
1 vote, 0 answers

Vulnerability scanners for .efi files

I have an .efi file with some hardware diagnostic tool like Memtest and I need to provide a security assessment for it. I am wondering if there are any automated scanners that can scan .efi files for vulnerabilities, like Black Duck? I've…
1 vote, 1 answer

Some random string, prefixed by a dot, is appended at the end of the URL

Recently we ran a security scan on one of our web applications and the report has one issue listed as a path-based vulnerability. The scenario is as follows. The request URL which our application is intended to accept is…
1 vote, 0 answers

Scanning developer dependency for OSS scan

I have an Angular project which has several packages that have direct dependencies and developer dependencies, like below: "dependencies": { "@angular/animations": "8.2.14", "@angular/cdk": "8.2.3", "@angular/common": "8.2.14", "@angular/compiler":…
1 vote, 0 answers

Remote file inclusion (RFI) found - vulnerability or false positive?

For educational purposes, I am pentesting an app server of mine. I am using ZAP and it reports a remote file inclusion vulnerability. I looked at it and think it's a false positive, but before I miss something I wanted to ask the community: ZAP…
1 vote, 1 answer

Auto-login to refresh token in Burp Suite 2

I want to run an automatic scan on a web application made with Angular and JSNode. On this one I have access to different types of accounts. On ZAP OWASP I can select the POST request; it detects the parameters in the request, I show it which…
1 vote, 0 answers

REST API scanning using WebInspect

I am trying to scan our internal site's REST APIs using WebInspect. As the site does not yet follow the OpenAPI standard or use the Swagger tool, it does not have a .json file that contains the API definitions. In WebInspect's documentation, it…
localacct
1 vote, 1 answer

Security Report about "Insecure Content-Type Setting": Does this apply to CSS and JavaScript as well?

I am working through a report from an automated vulnerability scanner. One item is "Web Server Misconfiguration: Insecure Content-Type Setting (11359)". It's about not returning the character set for a given HTML page, like so, for example: HTTP/1.1…
Marcel