Questions tagged [vulnerability-scanners]

A piece of software and/or hardware designed to detect the presence of vulnerabilities in an IT system.

395 questions
7
votes
3 answers

Which resources can help me learn how to use metasploit?

I tried google search but I can't find good resources to learn how to use the metasploit framework. Where would you suggest a beginner go to learn about using metasploit?
wizztjh
7
votes
1 answer

What evaluation criteria would you use for an Oracle scanning tool?

What evaluation criteria would you use to select the right Oracle scanning tool? Context: To deploy an automated scanning tool (nessus / SQuirreL etc) for use by both development teams and security teams. One tool to be used by both teams during the…
7
votes
8 answers

What is the vulnerability in my PHP code?

A website of mine was recently hacked. Although the actual website remained unchanged, they were somehow able to use the domain to create a link that redirected to an eBay phishing scam. I've taken the website down, for obvious reasons, so I can't…
Jeff
7
votes
4 answers

Implications of an incomplete TCP handshake session

In network security, why do we care about knowing incomplete TCP handshake sessions? Is there a security implication behind this?
7
votes
2 answers

How to recommend a (more) secure router

A colleague asked me to recommend a router for her small business. I asked her for a specification list, and on her list, she specifies secure. Well, we all know that nothing is completely secure in the tech world, but I started researching router…
7
votes
1 answer

Industry best practices for vulnerability scanning and management?

I am looking for reference documents or talks as to the end results for a vulnerability assessment, scanning, and management process at a fully matured "impressive" level for a large organization that invests well in security. I understand most…
user84662
6
votes
3 answers

Network Vulnerability Scanner placement on network

We have implemented/are implementing a network vulnerability scanning process, and we have chosen to use Qualysguard. Qualys supply a scanner appliance for the internal network scanning, which obviously connects to the network. Our internal network…
hmallett
6
votes
1 answer

How can I misuse the information of DCE service enumeration?

Nessus reports on almost any Windows machine "DCE service enumaration". With the metasploit module tcp_dcerpc_auditor I get the following information: 192.168.1.23 - UUID 99fcfec4-5260-101b-bbcb-00aa0021347a 0.0 OPEN VIA 135 ACCESS GRANTED…
6
votes
3 answers

Failed PCI-DSS Compliance | Submitting Evidence

One of our web servers that is managed by a service provider (completely in their control, we have no login access) just failed PCI-DSS vuln. scan by TrustKeeper. The vuln scan detected the box as a Windows Server 2003 SP1 OS (extremely out of…
SnakeDoc
6
votes
1 answer

Command line Nessus/OpenVAS or NSE to find specific vulns?

Which methods do you use to quickly scan a network for certain vulnerabilities? I read in the O'Reilly book Network Security Tools that Nessus had the ability to test for one vulnerability only, but that it had to be done via the command line. But…
6
votes
1 answer

Does WebDAV pose an unreasonable risk in IIS7.5?

I'm looking for a bit of feedback on WebDAV, in this case running on IIS7.5. I've had an IBM Rational AppScan report come to me with a medium severity finding as a result of DAV entries in the response headers. I'm conscious WebDAV has had its…
Troy Hunt
6
votes
2 answers

False positives in OpenVAS

I recently ran the first vulnerability scan in my office's network using OpenVAS. We received a great deal of false positives. Mostly I saw that (at least some) tests are unaware of internal patches in a system. For example, we were alerted to these:…
Uberhumus
6
votes
3 answers

How do I test and secure ASN.1 Parsers?

As far as I can tell, .NET doesn't have an ASN.1 parser for reading or writing data built in the framework. This means that any code that creates or verifies ASN.1 data is using a 3rd party library of varying quality. Bouncy Castle, and…
makerofthings7
6
votes
2 answers

Scan for Vulnerabilities Without Network Connection

I have been searching on the internet for some time but can't really find an answer to my question: Is it possible (common) to scan or hack a network device (such as a router or computer) without being connected to that network? For example, can I use…
6
votes
3 answers

CVEs aggregated by programming language?

Is there a way to search the CVE database by programming language? For instance, I'd consider CVE-2015-4852 to be a Java-specific vulnerability as the scope of the vulnerability is the commons-collections Java programming language library, while…