Basic Security Testing with OpenVAS and Penetration Testing

Basic Security Testing with OpenVAS and Penetration Testing

Download : Basic Security Testing with OpenVAS and Penetration Testing

File Size690 MB

Description

OpenVAS dates back to 2009 and the project is maintained by a commercial/open-source company. With its focus on the enterprise market and its long history, any risks of enterprises adopting a technology that might become abandoned are greatly reduced.

Here are some notable positives of OpenVAS/GVM:

  • Has a long history (since 2009) with daily updates and over 50,000 vulnerability tests
  • Is backed by an enterprise software-security company
  • Can perform various types of authenticated/unauthenticated tests
  • Supports a variety of high- and low-level Internet and industrial protocols
  • Has an internal programming language that can be used for implementing custom vulnerability tests

Vulnerability scanning is one of the foundations of standard enterprise security. An enterprise with a good security posture will have: a firewall, some type of asset-mapping, a vulnerability scanner and possibly even a security team that does some type of pentesting. Keep in mind that the list above is not exhaustive, but the rudimentary outline of an enterprise with a few good security measures in place.

Vulnerability scanners, in particular, are critical for ensuring that any threats that may have made it past the firewall are picked up before they can infect and destroy entire networks.

The enterprise/proprietary vulnerability scanner market is filled with competitors (such as QualysGuard or Nessus), and while some companies prefer running proprietary enterprise scanners, there are also many companies that prefer using collective intelligence and open source scanners.

One such product is OpenVAS (now renamed Greenbone Vulnerability Management or GVM). In this post we’ll refer to OpenVAS/GVM

0
Information
At is allowed to comment articles only within 10 days from the date of publication.