Penetration Testing: Vulnerability Scanners

  • 367
  •  
  •  
  • 1
  •  
  •  
  •  
    368
    Shares

Vulnerability scanners are automated tools used to discover security vulnerabilities affecting a given system or application.

Vulnerability scanners typically work by fingerprinting a target’s operating system (that is, recognizing the version and type) as well as any services that are running. Once you have fingerprinted the target’s operating system, you use the vulnerability scanner tool to execute specific tests (by sending different requests) to decide whether vulnerabilities exist or not. Of course, these tests are only as good as their authors, and, as with any completely automated solution, they can sometimes miss or misrepresent vulnerabilities on a system.

Most modern vulnerability scanners do an amazing job of minimizing false positives, and many organizations use them to identify out-of-date systems or potential new exposures that might be exploited by attackers.

Vulnerability scanners represent a very important role in penetration testing, particularly in the case of overt testing, which enables you to launch multiple attacks without having to worry about avoiding detection. The results of tests gleaned from vulnerability scanners can be priceless, but beware of depending on them too heavily.

The beauty of a penetration test is that it can’t be automated, and attacking systems successfully needs that you have knowledge and skills. In most situations, when you become an experienced penetration tester, you will rarely use a vulnerability scanner but will depend on your knowledge and expertise to compromise a system.

The following two tabs change content below.
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!