From the course: Performing a Technical Security Audit and Assessment

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Scan for vulnerabilities

Scan for vulnerabilities

From the course: Performing a Technical Security Audit and Assessment

Start my 1-month free trial

Scan for vulnerabilities

- After network devices have been discovered, important services have been identified, the next step is to scan the devices for vulnerabilities. This is accomplished with applications designed to find outdated software, missing patches, and misconfigurations on target systems. Vulnerability scanners can also be used to validate system compliance with internal configuration standards or external security standards, such as the ISO/IEC 27001. Vulnerability scanners are primarily pattern or signature-based. That means they check the current state of systems for known vulnerabilities as published in reliable sources like the Common Vulnerabilities and Exposures Database. One of the advantages of signature-based vulnerability scanners is that results are consistent because the patterns the software is checking for either exist or they don't. However, because new vulnerabilities are frequently discovered, the signature database in the software must be updated frequently. If…

Contents