Questions tagged [vulnerability-scanners]

A piece of software and/or hardware designed to detect the presence of vulnerabilities in an IT system.

395 questions
11 votes, 4 answers

External Vulnerability Scan of DMZ

We currently have an internal and external vulnerability scanner setup in my organization. This morning our external scanner was going through a new external DDoS protection service instead of directly at our public IP space. (We firewall off anyone…
pr-
10 votes, 4 answers

How does System Memory Dump work?

So there are so many pen-testing tools that perform a memory dump on the system. How exactly do they work - what exactly happens?
10 votes, 2 answers

How do vulnerability scanners detect when DEBUG is set to True on ASP.NET applications

I know how to check this setting in code, and I know where to look in the web.config, but I can't seem to find information on how a vulnerability scanner like Qualys would detect this. I've considered the following, but I have no way of knowing if…
David Stratton
10 votes, 1 answer

How can I stop this DOS attack?

I have this entry appearing constantly in my router logs: [DOS Attack] : 5 [RST Scan] packets detected in last 20 seconds, source ip [xx.xx.xx.xx] They just never stop. It doesn't seem to affect anything, so should I be concerned? Is there…
user619818
10 votes, 1 answer

How to Perform Vulnerability Assessment for WCF services

Does anyone know how to perform penetration testing/vulnerability assessment for Microsoft WCF services? I couldn't find any tools till now; any tools available and guides are welcome.
P3nT3ster
9 votes, 3 answers

Building list of vulnerabilities that should be verified during pentest

I am currently studying how to do server pentesting and need some advice/protip related to methodology/best practices. People often mention that it is a good idea to gather intelligence and enumerate all vulnerabilities you are going to verify before…
Eugene Loy
9 votes, 3 answers

Would threat modeling help in scanning code?

Threat modeling would definitely help in determining the test cases and where to fuzz, but my question is specific to code scanning. Would threat modeling help in focusing/prioritizing or in any way with static code analysis?
smiley
8 votes, 3 answers

Is there a best practice to handle vulnerability scanning attempts?

We've found a number of attempts to access non-existent pages in our IIS logs, specifically a lot of variations on phpMyAdmin URLs. My kneejerk reaction would be to block these IPs, but I have a feeling this is not really a "solution" since the…
JNK
8 votes, 2 answers

Testing SQL injection using sqlmap

I've just started using sqlmap to test for possible SQL injection attacks. I have got a website which is vulnerable: C:\Python27>python xxx\sqlmap\sqlmap.py -u http://www.example.com/page.php?id=1 [*] starting at: 19:33:27 [19:33:27] [INFO] using…
PeeHaa
8 votes, 6 answers

Determining vulnerable software on client machines

I am interested in how attackers manage to identify vulnerable versions of software on client machines, behind a large network or stand alone at home. I am not interested in portscanning at all, as the majority of software on a client machine will…
Sonny Ordell
8 votes, 7 answers

Are there any tools for scanning for SQL injection vulnerabilities while logged in?

Some pages of my website were vulnerable to SQL injection. The injection worked only when the user was logged in. I have now fixed this problem, and now I want to make sure that no similar problems remain. I have tried scanning with sqlninja and…
Harikrishnan
8 votes, 1 answer

Is a "Powered by..." tag dangerous?

Is it dangerous from a security perspective to put a line at the bottom of a website "Powered by Wordpress/Drupal/Django/WHATEVER"? I know that certain platforms/applications have different security vulnerabilities that are more common/easily…
KDEx
8 votes, 1 answer

Malformed HTTP requests with repeated protocol (GET /https://https://www.DOMAIN.com) in Apache logs - what vulnerability are they scanning for?

About once per day, I'm seeing the following series of requests in my Apache 2.4 httpd logs, and I'm trying to figure out what vulnerability is being scanned for. Each occurrence of these scans has an identical pattern (replaced my domain name with…
Parker
8 votes, 3 answers

Does concealing server software versions have a notable effect on security?

Web servers can add Server, X-Powered-By and similar headers into HTTP responses. Looks like the consensus is such headers should be removed so that automatic vulnerability scanners don't immediately know which version of which software they're…
sharptooth
8 votes, 2 answers

Response to unauthorized scan by legit company?

On Christmas day, our web service came under an apparent attack and we responded by blocking the (single) source IP. Upon later investigation, it turns out the 'attack' was actually an intense vulnerability scan by a reputable company. It appears…
michaelg