Though people may call it Vulnerability Scanning, it is more than scanning, because it must account for a full-fledged 'assessment' of the vulnerabilities it finds.
In information technology, a vulnerability assessment is the systematic analysis of security weaknesses. It examines whether the system is exposed to any known security vulnerabilities, assigns severity levels to those vulnerabilities, and, where appropriate, recommends remediation or mitigation.
5 Common Misconceptions About Vulnerability Assessment:
Misconception #1: Vulnerability Scanning is a test that you pass
Gone are the days when you could look smart by saying that your application passed a vulnerability scanning test. The truth is that no vulnerability assessment tool, and no person performing the tests, can ever find "all" of the vulnerabilities. They usually only catch the obvious, more common ones.
What this really means is that a vulnerability scan was performed, the results were analyzed, and then a context-based judgment was made to determine whether the security is adequate or not given the current circumstances.
Misconception #2: Vulnerability Scanning only brings bad news
It is hard for people to admit that there are vulnerabilities in what they've built. A developer, a security researcher, or a manager might all feel that way. But that doesn't mean you should not perform security audits and tests. The best way to handle such situations is to make your bosses aware that you are taking the extra effort to run the application through multiple different security tests and vendors, so that you do a much better job overall, which is what is healthy for the company in the long run. You are doing a great job by taking all the safety measures possible.
Misconception #3: Vulnerability Scanning helps eliminate all vulnerabilities
This is something I keep repeating over and over again: one security solution is never going to solve your problem! Understand that every security solution is designed to address a particular set of threats. Attackers keep hunting for different avenues to break into an application. The bigger reason for never relying on just one security solution is that, honestly, you have no idea who is attacking you, where they are coming from, or how complex their attacks are. You cannot keep them away entirely, but you must do everything you can to keep them at bay. In fact, using multiple security solutions will not make you completely secure either. There is no such thing as completely secure. But using multiple solutions will help you become more aware and better prepared for an adverse situation, and that is more than half the battle won.
Misconception #4: Automated Security Testing Matches Manual Penetration Testing in Every Aspect
Many organizations these days believe solely in the abilities of automated security testing and overlook manual testing, thinking that the two achieve the same goals. But that is not the truth. It is important to note that automated security testing is only a primitive scanning process and does not equal a thorough penetration test.
Misconception #5: All Penetration Testing Tools are the Same
The presumption that all penetration testing tools are built the same and would serve all purposes is completely wrong. Each tool covers the basic aspects of security testing in some way, but a certain level of customization and uniqueness is always required to broaden the scope of testing. That is why testers should use a set of penetration testing solutions to achieve the required level of security.
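To make Misconception #1 (assessment is scan plus analysis plus a context-based judgment) and Misconceptions #3 and #5 (no single tool finds everything) concrete, here is an added worked example, not code from the article or from any of the tools listed below. It merges the output of two hypothetical scanners (scanner_a and scanner_b, with constructed findings in a constructed JSON shape), deduplicates overlapping findings, adjusts the raw CVSS base score with a constructed asset-context policy (exposure, data sensitivity, compensating controls), and records which findings only one scanner saw. The weighting factors and the 4.0 "fix" threshold are illustrative assumptions, not a standard.

```python
import json
from dataclasses import dataclass, field

# Constructed sample output from two hypothetical scanners (not real tool output).
SCANNER_A_JSON = json.dumps([
    {"host": "10.0.0.5", "port": 443,  "id": "TLS-WEAK-CIPHER",   "cvss": 5.3},
    {"host": "10.0.0.5", "port": 22,   "id": "SSH-OUTDATED",      "cvss": 7.5},
    {"host": "10.0.0.9", "port": 3306, "id": "DB-DEFAULT-CREDS",  "cvss": 9.8},
])
SCANNER_B_JSON = json.dumps([
    {"host": "10.0.0.5", "port": 443,  "id": "TLS-WEAK-CIPHER",   "cvss": 4.9},
    {"host": "10.0.0.5", "port": 80,   "id": "HTTP-MISSING-HSTS", "cvss": 3.1},
    {"host": "10.0.0.9", "port": 3306, "id": "DB-DEFAULT-CREDS",  "cvss": 9.8},
])

# Constructed asset context: the "current circumstances" the judgment depends on.
ASSET_CONTEXT = {
    "10.0.0.5": {"exposure": "internet", "data": "pii",  "compensating": ["waf"]},
    "10.0.0.9": {"exposure": "internal", "data": "none", "compensating": []},
}

# Illustrative weighting policy (an assumption of this example, not a standard).
EXPOSURE_FACTOR = {"internet": 1.0, "internal": 0.6}
DATA_FACTOR = {"pii": 1.0, "none": 0.7}
WAF_FACTOR = 0.8          # applied only to web ports behind a WAF
DEFAULT_CONTEXT = {"exposure": "internal", "data": "none", "compensating": []}


@dataclass
class Finding:
    host: str
    port: int
    id: str
    cvss: float                         # highest base score any scanner reported
    sources: set = field(default_factory=set)


def merge_reports(*named_reports):
    """Combine (scanner_name, json_text) pairs, deduplicating on (host, port, id)."""
    merged = {}
    for name, raw in named_reports:
        for item in json.loads(raw):
            key = (item["host"], item["port"], item["id"])
            f = merged.get(key)
            if f is None:
                f = Finding(item["host"], item["port"], item["id"], float(item["cvss"]))
                merged[key] = f
            f.cvss = max(f.cvss, float(item["cvss"]))   # keep the worst reported score
            f.sources.add(name)
    return list(merged.values())


def contextual_score(f, context):
    """Scale the base score by where the asset sits and what it protects."""
    ctx = context.get(f.host, DEFAULT_CONTEXT)
    score = f.cvss * EXPOSURE_FACTOR[ctx["exposure"]] * DATA_FACTOR[ctx["data"]]
    if "waf" in ctx["compensating"] and f.port in (80, 443):
        score *= WAF_FACTOR
    return round(min(score, 10.0), 1)


def assess(*named_reports, context=ASSET_CONTEXT, fix_at=4.0):
    """Scan results in, ranked findings with an explicit judgment out."""
    rows = []
    for f in merge_reports(*named_reports):
        s = contextual_score(f, context)
        rows.append({
            "host": f.host, "port": f.port, "id": f.id, "base": f.cvss,
            "score": s, "seen_by": sorted(f.sources),
            "judgment": "fix" if s >= fix_at else "accept-and-monitor",
        })
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


def single_scanner_only(rows):
    """Findings that only one tool reported: the blind spots a second tool exposed."""
    return [r["id"] for r in rows if len(r["seen_by"]) == 1]


if __name__ == "__main__":
    results = assess(("scanner_a", SCANNER_A_JSON), ("scanner_b", SCANNER_B_JSON))
    for r in results:
        print(f'{r["score"]:>4}  {r["judgment"]:<18} {r["host"]}:{r["port"]} '
              f'{r["id"]} (base {r["base"]}, seen by {", ".join(r["seen_by"])})')
    print("Seen by only one scanner:", single_scanner_only(results))
```

Two things to notice when running it: the same finding is scored differently by the two scanners and the merge keeps the worse score rather than averaging it away, and two of the four findings appear in only one scanner's output, which is exactly why a single tool cannot be treated as a pass/fail gate.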
Some of you may want to know the major Vulnerability Assessment Tools. Here they are:
- OpenVAS
- Nikto2
- Acunetix
- Arachni
- Nmap
- W3AF
- Nexpose
- Intruder
- GoLismero
- Netsparker
- OpenSCAP
- Aircrack-NG
- Comodo HackerProof
- SolarWinds® RMM
- Retina CS Community
- Nessus Professional
- SolarWinds Network Configuration Manager
- MBSA (Microsoft Baseline Security Analyzer)
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on her website and on social media platforms.
34,000+ professionals are following her on Facebook and are mesmerized by the quality of her posts there.
If you haven't yet come across her enthusiastic work of sharing quality information about Cybersecurity, you can follow her on Facebook at Cybersecurity PRISM.