30 Days of Security Testing – Day Four

The challenge for Day Four is – Learn anything about Vulnerability Scanning


For this challenge I read a good article comparing the difference between vulnerability scans vs penetration testing.

A vulnerability scan searches an application for vulnerable ports and known vulnerabilities, then often produces a report listing the vulnerabilities in order of severity.

A vulnerability scan is a very helpful tool to get a surface level look at areas of your app that should get extra attention.

However, it’s risky to rely too heavily on a vulnerability scan as you’ll run the risk of missing “unknown vulnerabilities” that require human interaction.

The scan will run a set of checks – not tests.  It will check if ports are open, known vulnerable configurations are set etc but stops once it has noticed the vulnerability, it doesn’t push forward to test the impact of the vulnerability or look for areas outside of it’s specifications.

 


 

Thanks for reading my post and following my progress through the 30 Days of Security Testing.

For more on Security Testing please visit here  or any of my other ramblings visit here

Feel like joining in? Sign into the WeTest Slack group and get involved!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: