Questions tagged [vulnerability-scanners]
A piece of software and/or hardware designed to detect the presence of vulnerabilities in an IT system.
395 questions
1 vote, 3 answers
Vulnerability scanner shows SQL errors were disclosed. How severe is it?
When I scanned my site for vulnerabilities I found this error:
Various SQL errors were disclosed within the application source code or other files.
I have checked for SQL injection and confirmed that it's not injectable. So how severe is this…
Harikrishnan
1 vote, 1 answer
How do I verify versions of Adobe?
I ran a vulnerability scan against a server and it is pulling back a lot of Adobe vulnerabilities. I ran a Wireshark capture on the scan but I can't seem to write up a Wireshark filter on the packets. Does anyone know how to look for the versions of…
n_hov
1 vote, 2 answers
TCP/UDP port monitoring programs for Mac?
Does anyone know of a free and effective port monitor for Mac? Also, can a layman, in relatively short order, learn to use such software to detect and thus prevent unauthorized remote access/control of their system?
Matt Munson
1 vote, 1 answer
Pre-installed OpenVAS, lightweight Linux
Is there any pre-installed lightweight OpenVAS Linux distribution, or any lightweight Linux on which OpenVAS has been tested and works properly?
I have used BackTrack (Ubuntu version); it is not a lightweight Linux with all that…
user13934
1 vote, 1 answer
My site with Joomla 1.5.14 got defaced and I'd like to know how he did it and stop it
I am supposed to manage the content of a site and it got defaced.
The site is hosted on a Linux server running Apache.
Apache version: 2.2.13
Linux version is Debian 4.0 (I think; I don't really have access to anything more than an FTP account and…
Para
1 vote, 2 answers
Vulnerability scan scheduling approach: on demand versus on change?
I have a question regarding scheduling a vulnerability scanning and assessment exercise.
I'm in the process of laying out a schedule for vulnerability scans. I'm wondering when and why to initiate the scan in the first place. What conditions should…
Saladin
1 vote, 1 answer
How do you de-duplicate security risk findings obtained from various different tools?
You potentially use a variety of scanners and processes (e.g. threat modelling) which produce a set of overlapping outputs. How do you avoid repeated findings which are duplicated across toolsets?
transcend3nt
1 vote, 0 answers
Scan SG350-28 with Nessus credentialed checks
I have 4 SG350 (SG350-28 28-Port Gigabit Managed Switch) switches.
I need to be able to do credentialed scans of the switches.
The problem is that when I try to scan, it will not connect to port 22; from the log output it does not look like it is even…
James Connigan
1 vote, 0 answers
Vulnerability scanners for .efi files
I have an .efi file with some hardware diagnostic tool like Memtest and I need to provide a security assessment for it. I am wondering if there are any automated scanners that can scan .efi files for vulnerabilities, like Black Duck? I've…
Mykyta Miakushka
1 vote, 1 answer
Some random string, prefixed by a dot, is appended at the end of the URL
Recently we ran a security scan on one of our web applications and the report has one issue reported as a path-based vulnerability. The scenario is as follows.
The request URL which our application is intended to accept is…
ThilankaD
1 vote, 0 answers
Scanning developer dependencies for OSS scan
I have an Angular project which has several packages that have direct dependencies and developer dependencies, like below:
"dependencies": {
"@angular/animations": "8.2.14",
"@angular/cdk": "8.2.3",
"@angular/common": "8.2.14",
"@angular/compiler":…
Harsh Vishwakarma
1 vote, 0 answers
Remote file inclusion (RFI) found: vulnerability or false positive?
For educational purposes, I am pentesting an app server of mine. I am using ZAP and it reports a remote file inclusion vulnerability. I looked at it and think it's a false positive, but in case I am missing something I wanted to ask the community:
ZAP…
Lonzak
1 vote, 1 answer
Auto-login to refresh token in Burp Suite 2
I want to run an automatic scan on a web application made with Angular and JSNode. On this one I have access to different types of accounts. On ZAP OWASP I can select the POST request, it detects the parameters in the request, I show it which…
William
1 vote, 0 answers
REST API scanning using WebInspect
I am trying to scan our internal site's REST APIs using WebInspect. As the site does not yet follow the Open API Standards or use the Swagger tool, it does not have a .json file that contains the API definitions.
In WebInspect's document, it…
localacct
1 vote, 1 answer
Security report about "Insecure Content-Type Setting": does this apply to CSS and JavaScript as well?
I am working through a report of an automated vulnerability scanner. One item is
Web Server Misconfiguration: Insecure Content-Type Setting (11359)
It's about not returning the character set for a given HTML page, like so, for example:
HTTP/1.1…
Marcel