Vulnerability Scanning Concepts

Passively Test Security Controls

Security testing that does not involve any direct interaction with the targets, such as sending packets to a target.

Define Vulnerability

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Define Lack of Security Controls

The lack of adequate security controls represents a vulnerability, exposing sensitive information and data to the risk of malicious damage, attack or unauthorized access by hackers, resulting in loss of sensitive information, which could lead to the loss of goodwill for the organization.

Define Common Misconfigurations

Some common security misconfigurations include: Unpatched systems. Using default account credentials (i.e., usernames and passwords) Unprotected files and directories.

Define Intrusive

Intrusive scanning actually tries to exploit the vulnerabilities the scanner is looking for.

Define Non-Intrusive

Nonintrusive methods generally include a simple scan of the target system's attributes (e.g., inspecting the file system for specific files or file versions, checking the registry for specific values, scanning for missing security updates, port scanning to discover which services are listening).

Define Credentialed

Credentialed scans, which make use of the admin account, do a more thorough check by looking for problems that cannot be seen from the network.

Define Non-Credentialed

Non-credentialed scans provide a quick view of vulnerabilities by only looking at network services exposed by the host.

Define False Positive

An alert that incorrectly indicates that a vulnerability is present.