Vulnerability Scanning and Analysis
Summary
Purpose
Guiding Questions
Operational Security
Preparation
Outputs
Activities
References and resources for Vulnerability Scanning and Analysis
Vulnerability Analysis:
- Standard: "Vulnerability Analysis - Research Phase" (Penetration Testing Execution Standard)
- Framework: "Vulnerability Assessment" (http://www.vulnerabilityassessment.co.uk)
- Resource: Vulnerability Databases (SAFETAG)
- Security Advisories: Microsoft Security Bulletin, 1, 2, 3, 4, 5

Vulnerability Databases:
- Standard: "Vulnerability Analysis - Research Phase" (Penetration Testing Execution Standard)
- Framework: "Vulnerability Assessment" (http://www.vulnerabilityassessment.co.uk)
- Database: "CVE Details"
- Database: "Threat Explorer"
- Database: "The Exploit Database"
- Poster: "Ultimate Pen Test 2013" (SANS Institute)
- Security Advisories: Microsoft Security Bulletin, 1, 2, 3, 4, 5

Website Vulnerability Scanning:
- Site: "OWASP ZAP Project Site" (OWASP)
- Guide: "The OWASP Testing Project Guide" (OWASP)
- User Guide: "OWASP Zap User Guide" (Google Code)
- Video Tutorials: "OWASP ZAP Tutorial Videos" (Google Code)
- Guide: "7 Ways Vulnerability Scanners May Harm Website(s) and What To Do About It" (White Hat Sec Blog)
- Article: "14 Best Open Source Web Application Vulnerability Scanners" (InfoSec Institute)

System Vulnerability Scanning:
- Project Site: "OpenVAS Project Site" (OpenVAS)
- Manual: "OpenVAS Compendium" (OpenVAS)
- Guide: "How To Use OpenVAS to Audit the Security of Remote Systems on Ubuntu 12.04" (Digital Ocean)
- Guide: "Getting Started with OpenVAS" (Backtrack Linux)
- Guide: "Setup and Start OpenVAS" (OpenVAS)
- Video Guide: "Setting up OpenVAS on Kali Linux" (YouTube)
- ListServ: "OpenVAS Discussion ListServ" (OpenVAS)
- Comparison: "Nessus, OpenVAS and Nexpose VS Metasploitable" (HackerTarget)

VoIP Security:
- Overview: "Two attacks against VoIP" (Symantec)
- Guide: "VoIP Security Checklist" (ComputerWorld)
- Overview: "The Vulnerability of VoIP" (Symantec)
- Research: "Researchers find VoIP phones vulnerable to Simple Cyber attacks" (Security Intelligence)
- Tool: "Vsaudit (Eurialo)" (Eurialo)
- Overview: "VOIP analysis Fundamentals" (Wireshark)
- Tool: "Wireshark VOIP Capabilities"

Incident Handling Resources:
- Guide: "Six Stages of Incident Response" (CSO Online: Anthony Caruana)
- Guide: "Threat Hunting Project" (http://www.threathunting.net)