Transcript of Vulnerability scanner
kind of vulnerabilities
How to detect them
How to fix them (or exploit...)

Summary
- Why use a vulnerability scanner
- How does a vulnerability scanner work
- What is a vulnerability
- How to detect it: vulnerability scanner
- Conclusion
- Who uses it

Relationship between threat agent and business impact

What is a vulnerability?
Vulnerability: weakness in the security system
Threat: set of circumstances that has the potential to cause loss or harm
Control: action, device, procedure, or technique that removes or reduces a vulnerability

Vulnerability Scanner
Vulnerability scanner: computer program designed to assess computers, computer systems, networks or applications for weaknesses

Types of vulnerability scanners:
- Port scanner
- Web application security scanner

Port scanner: software application designed to probe a server or host for open ports
Port scan: action of looking for an active port and testing a known vulnerability of that service

Port scanning types:
- TCP scanning
- SYN scanning
- UDP scanning
- ACK scanning
- FIN scanning

Web application security scanner: program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses

Wide variety of vulnerabilities:
- Input/output validation (cross-site scripting, SQL injection, etc.)
- Specific application problems
- Server configuration mistakes/errors/version (Nikto)

(Nmap, Nessus, SAINT, OpenVAS)
- Network enumerator
- Network vulnerability scanner
- Database security scanner
- Computer worm
- CGI scanner
- Web application security scanner
- Port scanner

Why use a vulnerability scanner?

How does it work?
- Who is online and accessible?
- What kind of operating system is running?
- Services available and detection
- Open ports?
- Report

- Vulnerabilities database
- Scanner engine
- Report engine
- User interface

Who uses it?
Used by both sides.
- Companies: fix the vulnerabilities.
- Hackers, script kiddies: exploit the vulnerabilities.

Conclusion
- A vulnerability scanner is a program that automates the detection of weaknesses in a computer system
- Combined with penetration testing, they can be a useful and low-cost way to protect a system.
- They are useful but cannot be sufficient to consider a system secure:
  - False positives
  - False negatives
  - Only known vulnerabilities can be detected

Any questions?