Questions tagged [vulnerability-scanners]

A piece of software and/or hardware designed to detect the presence of vulnerabilities in an IT system.

395 questions
5 votes, 3 answers

Is "untrusted code" reported by DOM Snitch a vulnerability?

One of the most frequent errors that DOM Snitch finds in sites is Untrusted code. It finds it in google.com, for example. Here is an output of this tool: Is it a vulnerability? Edit: This report of DOM Snitch was caused by enabled Skype Click to…
Andrei Botalov
5 votes, 2 answers

Received UDP packet with IP ID of zero:

I am scanning a host in our network with Nexpose and one of the vulnerabilities reported is Received UDP packet with IP ID of zero: IPv4 SRC[10.0.0.5] TGT[127.0.0.1] TOS[192] TTL[64] Flags[40] Proto[17] ID[0] FragOff[0] HDR-LENGTH[20]…
LUser
4 votes, 3 answers

Is there a process to identify threats related to deployments?

I read about application threat modeling, which makes software products secure from their initial stages (SDLC). But if we do something wrong in the deployment phase, that will still be an issue. For example, a sysadmin opens a port in the firewall…
4 votes, 1 answer

Approach business(es) with security vulnerabilities

As a security researcher, I have become familiar with different related tools and software packages. The other day, I opened up one of those software packages and was attempting to attack a personal wifi network with a WPS attack to assess the…
J05H
4 votes, 2 answers

How to use a port scanner in a hostile manner

Port scanners like Nessus and OpenVAS are basically used to identify the vulnerabilities of the network. My question is if someone with bad intentions is able to use these legal tools in a more hostile way? If this is possible, which I think it is,…
dimitrisd
4 votes, 2 answers

The effect of hidden or spoofed service banners on vulnerability scanners

The linked question relates to error pages, although the same information is often available in HTTP headers, if I follow best practise of hiding service banners: Is displaying what server I am running on the error pages a security risk? would I be…
SilverlightFox
4 votes, 1 answer

I don't quite understand the principle of "use after free" and CVE-2010-1119

I am a rookie hacker studying Android vulnerabilities. My partner and I are studying "CVE-2010-1119". Unfortunately there does not appear to be enough information online. Could anyone please help me describe the principle of the vulnerability,…
4 votes, 1 answer

If you want to implement a XSS scanner, is it absolutely necessary to use a JS interpreter? Why?

In a recent discussion about a security vulnerability scanner that returns false positives for XSS detection, I noticed that the scanner just injects a string like "this_is_my_string_" (without the double quotes) and if it sees the string in the HTML…
kinunt
4 votes, 1 answer

Nessus HTML5 version 5.0.3 - PCI Scan

I've been searching for a couple days, even contacting support, to find out if Nessus has a bundle that scans for PCI compliance. It selects all 44 categories and regardless of what kind of scan I create (under policies) this is the default…
lbakerit
4 votes, 3 answers

How to use information from GHDB and FSDB (Google-Dorks)?

I am new to information security and analysis. Recently, I came across FSDB (Foundstone database) and GHDB (Google Hacking database) while exploring the McAfee Foundstone Sitedigger tool. What are FSDB and GHDB? And importantly, how can I use the…
fortytwo
4 votes, 1 answer

How can I find a CVE ID for "No Translation Available" entries in Foundstone or McAfee Vulnerability Manager?

On a recent scan using McAfee Foundstone Enterprise (newer versions are known as McAfee Vulnerability Manager), I ran into a "No Translation Available" error. It's rather frustrating that these errors leave me without any specific description or…
Iszi
4 votes, 4 answers

Is it good practice to disable firewall rules for vulnerability scanners?

I've been asked to ensure that our vulnerability scanning tools (like Qualys, Nexpose) are able to reach all of our AWS EC2 instances, on all ports and protocols. Today they are limited by the current security groups (which generally allow either no…
4 votes, 3 answers

How to figure out which open ports or services are insecure?

We have around one thousand machines on the internet. We do port scanning with nmap, and find many ports open on these machines. Sometimes, when we found an administrative website using HTTP instead of HTTPS, we would block it. But there are many other ports…
user15580
4 votes, 1 answer

Conceptual design of vulnerability scanning program in global retail network (PCI DSS)

I am trying to design a yearly program to scan for vulnerabilities on a very large network of payment terminals. The company has thousands of retail points all around the world which need to be scanned for vulnerabilities. More specifically, we need…
4 votes, 2 answers

OpenVAS won't generate SCAP Database

To deploy OpenVAS to Virtual machines I've been using Ansible for a while and it worked pretty well. Now today I wanted to deploy it to another machine but the openvas-check-setup script keeps telling me that the setup isn't yet finished because the…