Topic 106.1 – Using Vulnerability Scanners
- RULE : A vulnerability scanner is a software application that automates the task of checking computers, network devices, peripherals, mobile devices, etc. for known weaknesses and exploits.
- RULE : Vulnerability scanners should be constantly updated in order to check for the latest attack vectors.
- RULE : Vulnerability scanning software can be used for both offensive and defensive security assessments.
- RULE : The default configuration of vulnerability scanners will typically get you noticed by the defensive security teams, because of both the volume and the type of traffic that they generate.
- RULE : Some vulnerability scanners are free, such as these:
  - OpenVAS, not pretty to look at, but it’s free.
  - Rapid7 Nexpose Community Edition, only 32 IPs.
- RULE : Some vulnerability scanners have subscription-based licensing and are installed on your laptop:
  - Nessus Professional, unlimited IP scans, annual cost is $2190. Gingsoft recommends this one for the money.
  - Retina, unlimited IP scans, annual cost is $1700.
  - Rapid7 Nexpose Consultant Edition, the cost is too stupid to mention (5 times as much as Nessus) and the performance is pretty bad.
- RULE : Some vulnerability scanners are cloud-based:
  - Acunetix, a single IP costs $345; up to 50 IP addresses costs over $10,000.
  - Nessus Cloud, annually starting at nearly $3000, and you can only scan 128 IP addresses.
Topic 106.2 – Source Code Scanners
- RULE : Source code scanners are used to audit source code for security vulnerabilities.
- RULE : Source code scanners can look for potential vulnerabilities such as:
  - Buffer overflows.
  - Cross-site scripting (a.k.a. XSS).
  - Hard-coded usernames and passwords.
  - Insecure file includes.
  - Privilege escalations.
  - Race conditions.
  - SQL injection.
  - Un-validated user input.
- RULE : Open source (free) source code scanners are:
  - Brakeman, scans Ruby on Rails (RoR) applications.
  - Codesake Dawn, scans Padrino, Sinatra and Ruby on Rails (RoR) applications.
  - FindBugs, scans Java applications.
  - Flawfinder, scans C and C++ applications.
  - FxCop, scans the .NET Framework CLR.
  - Google CodeSearchDiggity, uses Google hacking techniques to find vulnerabilities in open source code projects hosted by Google Code, MS CodePlex, SourceForge, GitHub, etc.
  - OWASP SWAAT Project, scans ASP .NET, Java, and PHP applications.
  - PreFast, scans C and C++ applications.
  - RATS, scans C, C++, Perl, PHP and Python applications.
  - RIPS, scans PHP applications.
  - VCG, scans C, C++, C#, Java and PL/SQL applications.
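To show what a pattern-matching source code scanner of the Flawfinder/RATS kind actually does with the vulnerability classes listed above, here is an added toy scanner (illustration only, not code from any tool named in these notes). The rule regexes and the three sample snippets it scans are constructed for this example; a real scanner adds taint analysis to cut false positives.

```python
"""Toy pattern-based source code scanner, in the spirit of Flawfinder/RATS.
Added illustration only: the rules and sample snippets are constructed for
this example and are not code from any scanner named in the notes."""
import re

# (rule name, regex). Real tools add taint analysis to reduce false positives.
RULES = [
    ("hardcoded-credential",
     re.compile(r"""(?i)(password|passwd|secret|api_key)\w*\s*=\s*["'][^"']+["']""")),
    ("sql-injection",  # string built with + or % passed straight to execute/query
     re.compile(r"""(?i)\b(execute|query)\s*\(\s*(f["']|["'].*?["']\s*[+%])""")),
    ("insecure-file-include",  # PHP include/require fed from a request variable
     re.compile(r"(?i)\b(include|require)(_once)?\s*\(?\s*\$_(GET|POST|REQUEST|COOKIE)")),
    ("buffer-overflow",  # unbounded C string functions
     re.compile(r"\b(strcpy|strcat|gets|sprintf)\s*\(")),
    ("race-condition",  # check-then-use: access() before open()
     re.compile(r"\baccess\s*\(")),
]

def scan_source(source):
    """Return findings as (line_number, rule, stripped_line) for each rule hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("#", "//", "/*", "*")):  # skip whole-line comments
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, name, stripped))
    return findings

# Constructed samples containing one deliberate weakness per rule.
PY_SAMPLE = """\
import os
DB_PASSWORD = "hunter2"
def lookup(cur, user):
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")
if os.access("/tmp/report", os.W_OK):
    open("/tmp/report", "w").write("ok")
# password = "in a comment, not flagged"
"""
C_SAMPLE = "char buf[16];\nstrcpy(buf, argv[1]);\n"
PHP_SAMPLE = "<?php include($_GET['page'] . '.php'); ?>\n"

if __name__ == "__main__":
    for label, src in (("python", PY_SAMPLE), ("c", C_SAMPLE), ("php", PHP_SAMPLE)):
        for lineno, rule, text in scan_source(src):
            print(f"{label}:{lineno}: [{rule}] {text}")
```

Running it reports the hard-coded credential, the concatenated SQL query, the access()/open() race, the strcpy() call and the request-controlled include, while ignoring the commented-out password line.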
- RULE : Commercial source code scanning services are:
Topic 106.3 – Web Application Scanners
- RULE : Free open source web application scanners