Vulnerability scanner

Secu Long Beach

Bing Wejnka

on 16 May 2011

Transcript of Vulnerability scanner

Vulnerability scanner
CECS 478/578 Introduction to Computer Security
Presentation
Sebastien Deveza
Jonathan Durand

Introduction

Why did we choose this topic?
- To learn more about the different kinds of vulnerabilities
- How to detect them
- How to fix them (or exploit...)

Summary
- What is a vulnerability
- How to detect it: vulnerability scanner
- Why use a vulnerability scanner
- How does a vulnerability scanner work
- Who uses it
- Conclusion

[Figure: relationship between threat agent and business impact]

What is a vulnerability?

Vulnerability: weakness in the security system
Threat: set of circumstances that has the potential to cause loss or harm
Control: action, device, procedure, or technique that removes or reduces a vulnerability

Vulnerability Scanner

Vulnerability scanner: computer program designed to assess computers, computer systems, networks or applications for weaknesses

Types of vulnerability scanners:
- Port scanner
- Web application security scanner

Port scanner: software application designed to probe a server or host for open ports
Port scan: action of looking for an active port and testing a known vulnerability of that service

Port scanning types:
- TCP scanning
- SYN scanning
- UDP scanning
- ACK scanning
- FIN scanning

Web application security scanner: program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses

Wide variety of vulnerabilities:
- Input/output validation (cross-site scripting, SQL injection, etc.)
- Specific application problems
- Server configuration mistakes/errors/version

(Nikto) (Nmap, Nessus, SAINT, OpenVAS)

- Network enumerator
- Network vulnerability scanner
- Database security scanner
- Computer worm
- CGI scanner
- Web application security scanner
- Port scanner

Why use a vulnerability scanner?

How does it work?
- Who is online and accessible?
- What kind of operating system is running?
- Services available and detection
- Port opened?
- Report

- Vulnerabilities database
- Scanner engine
- Report engine
- User interface

Who uses it?

Used by both sides.
- Companies: fix the vulnerabilities.
- Hackers, script-kiddies: exploit the vulnerabilities.

Conclusion
- A vulnerability scanner is a program that automates the detection of weaknesses in a computer system
- They are useful but cannot be sufficient to consider a system secure:
  - False positive
  - False negative
  - Only known vulnerabilities can be detected
- They can be, associated with a penetration test, a useful and low-cost way to protect a system.

Any questions?
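
The components listed in the transcript (vulnerabilities database, scanner engine, report engine) and the limits named in the conclusion can be seen together in a small sketch. This is an added example, not code from the presentation; the product names, banners, addresses and EXAMPLE-xxxx ids are constructed placeholders, and matching on banner version alone is an assumption made for illustration.

```python
import re

# Constructed vulnerability database; ids are placeholders, not real advisories.
VULN_DB = [
    {"id": "EXAMPLE-0001", "product": "exampleftpd", "fixed_in": (2, 3, 5)},
    {"id": "EXAMPLE-0002", "product": "examplehttpd", "fixed_in": (1, 4, 0)},
]

# Constructed inventory, as a discovery phase (hosts, ports, services) would produce it.
INVENTORY = [
    {"host": "192.0.2.5", "port": 21, "banner": "exampleftpd 2.3.4"},
    # Fix backported by the vendor without a version bump: will be a false positive.
    {"host": "192.0.2.5", "port": 80, "banner": "examplehttpd 1.3.9-patched"},
    # Product absent from the database: any flaw here is a false negative.
    {"host": "192.0.2.7", "port": 8080, "banner": "customapp 0.9"},
    {"host": "192.0.2.8", "port": 80, "banner": "examplehttpd 1.4.2"},
]

BANNER_RE = re.compile(r"^(\S+)\s+(\d+(?:\.\d+)*)")

def parse_banner(banner):
    """Return (product, version tuple), or None if the banner is unparseable."""
    m = BANNER_RE.match(banner)
    if not m:
        return None
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))

def scan_engine(inventory, db):
    """Match each service against the database; return (findings, unassessed)."""
    known = {e["product"] for e in db}
    findings, unassessed = [], []
    for svc in inventory:
        parsed = parse_banner(svc["banner"])
        if parsed is None or parsed[0] not in known:
            unassessed.append(svc)  # the scanner has no knowledge to apply here
            continue
        product, version = parsed
        for entry in db:
            if entry["product"] == product and version < entry["fixed_in"]:
                findings.append({**svc, "id": entry["id"]})
    return findings, unassessed

def report_engine(findings, unassessed):
    """Render a plain-text report that also lists what could not be assessed."""
    lines = [f"FINDING {f['id']} {f['host']}:{f['port']} ({f['banner']})" for f in findings]
    lines += [f"NOT ASSESSED {s['host']}:{s['port']} ({s['banner']})" for s in unassessed]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report_engine(*scan_engine(INVENTORY, VULN_DB)))
```

The patched examplehttpd host is reported even though it is fixed, and customapp is never evaluated, which is why a finding needs manual confirmation and a clean report does not mean a secure system.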