Vulnerability assessment tools automate the process of vulnerability scanning. In this video, learn about the use of scanning tools, including port scanners and vulnerability scanners, along with banner grabbing as a scanning technique.
- [Narrator] Testing systems for security issues,…is one of the most important tasks performed…by security professionals, but it can be a little tedious.…Security analysts must test for vulnerabilities,…because if they don't, hackers will.…You're much better off if you discover an issue…and correct it then if an attacker discovers it,…and exploits it.…Fortunately, vulnerability assessment tools…automate the process of vulnerability scanning.…There are three major categories of these tools,…port scanners, which simply probe a system…for open network ports, vulnerability scanners,…which check those ports for known vulnerabilities,…and application scanners that probe…deep into web applications to detect flaws.…
Port scanners are the equivalent…of rattling all the doorknobs on a server,…looking for unlocked doors.…They check all the possible 65,535 network ports…on a server to see which ones might be open.…The most popular port scanning tool…is a program called Nmap, let's give it a try.…I'm going to go ahead and run Nmap…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management