1
00:00:00,270 --> 00:00:07,380
A vulnerability scan is one of the most important parts of a penetration test or ethical hacking. Vulnerability

2
00:00:07,380 --> 00:00:14,940
scanning is an inspection of the potential points of compromise on a computer network to identify

3
00:00:14,940 --> 00:00:15,810
security holes.

4
00:00:16,820 --> 00:00:23,660
A vulnerability scan detects and classifies system weaknesses in computers, networks and network devices

5
00:00:23,840 --> 00:00:27,260
and predicts the effectiveness of countermeasures.

6
00:00:27,860 --> 00:00:30,620
So let's think about the term vulnerability.

7
00:00:30,650 --> 00:00:36,740
First, I want to show you two vulnerability definitions from two important documents.

8
00:00:37,190 --> 00:00:45,080
The first document, ISO 27005, is the name of the prime 27000-series standard covering information

9
00:00:45,080 --> 00:00:46,490
security risk management.

10
00:00:47,460 --> 00:00:53,820
The standard provides guidelines for information security risk management (ISRM) in an organization,

11
00:00:54,180 --> 00:01:00,510
specifically supporting the requirements of an information security management system defined by ISO

12
00:01:00,510 --> 00:01:02,250
27001.

13
00:01:02,550 --> 00:01:05,580
So according to ISO 27005,

14
00:01:06,660 --> 00:01:13,970
vulnerability is a weakness of an asset or group of assets that can be exploited by one or more threats.

15
00:01:16,090 --> 00:01:18,450
The second document is published by NIST.

16
00:01:19,030 --> 00:01:21,940
That's the National Institute of Standards and Technology.

17
00:01:22,720 --> 00:01:30,250
NIST is a measurement standards laboratory and a non-regulatory agency of the United States Department

18
00:01:30,250 --> 00:01:30,820
of Commerce.

19
00:01:31,890 --> 00:01:36,060
Its mission is to promote innovation and industrial competitiveness.
20
00:01:36,780 --> 00:01:42,450
NIST has very good guides about cyber security, so if you are cyber security personnel, you should

21
00:01:42,450 --> 00:01:44,280
definitely keep your eyes on this.

22
00:01:44,880 --> 00:01:51,810
So according to NIST, vulnerability is a flaw or weakness in a system's security procedures, design,

23
00:01:51,810 --> 00:01:59,070
implementation or internal controls that could be exercised, accidentally triggered or intentionally

24
00:01:59,070 --> 00:02:06,360
exploited, and result in a security breach or a violation of the system's security policy.

25
00:02:07,380 --> 00:02:10,020
Let's see the basic vulnerability detection methods.

26
00:02:11,400 --> 00:02:17,400
By looking at an application's banner information or by obtaining version information of the application,

27
00:02:18,060 --> 00:02:21,960
it is possible to know about potential weaknesses in that application.

28
00:02:23,430 --> 00:02:29,460
The weaknesses found in certain versions of the applications are detected over time, and this information

29
00:02:29,460 --> 00:02:32,520
is collected in vulnerability databases.

30
00:02:33,470 --> 00:02:39,650
By looking at these databases, you may have information about whether there is a weakness in that application.

31
00:02:41,010 --> 00:02:46,020
Now, protocols used by the application in communication with a client may have vulnerabilities.

32
00:02:46,710 --> 00:02:52,770
In this case, the application can be exploited through a weak encryption algorithm in communication, as an example.

33
00:02:54,040 --> 00:02:59,020
The vulnerability scanners send different types of packets over the network.

34
00:02:59,980 --> 00:03:05,470
They examine the behavior of the service against these packets and examine whether these behaviors are

35
00:03:05,470 --> 00:03:08,470
similar to the behaviors of the vulnerable services.

36
00:03:09,710 --> 00:03:13,130
Wrong configurations may cause vulnerabilities and weaknesses.
37
00:03:13,970 --> 00:03:19,010
For example, if you configure your web application's authentication mechanism to allow three-character

38
00:03:19,010 --> 00:03:19,670
passwords,

39
00:03:20,710 --> 00:03:23,590
it can very easily be cracked by attackers.

40
00:03:23,650 --> 00:03:30,490
A vulnerability scanner is a software program designed to assess computers, computer systems, networks

41
00:03:30,490 --> 00:03:34,220
or applications for known weaknesses. In plain words,

42
00:03:34,240 --> 00:03:38,650
these scanners are used to discover the weak points or poorly constructed parts.

43
00:03:39,660 --> 00:03:45,900
It's utilized for the identification and detection of vulnerabilities relating to misconfigured assets

44
00:03:46,260 --> 00:03:53,220
or flawed software that resides on a network-based asset such as a firewall or router, web server,

45
00:03:53,220 --> 00:03:54,930
application server, et cetera.

46
00:03:57,090 --> 00:03:59,550
There are a lot of vulnerability scanners.

47
00:04:00,240 --> 00:04:02,040
Some of them are listed in the slide.

48
00:04:03,670 --> 00:04:06,970
We have seen Nmap in previous lectures as a network scanner.

49
00:04:07,630 --> 00:04:12,730
And we also learnt that with the help of the Nmap Scripting Engine (NSE), it's possible to use Nmap

50
00:04:13,060 --> 00:04:14,800
as a simple vulnerability scanner.

51
00:04:15,990 --> 00:04:20,520
Nessus is one of the most popular and capable vulnerability scanners.

52
00:04:21,500 --> 00:04:23,840
We'll see it in detail in the next lecture.

53
00:04:25,020 --> 00:04:31,890
Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates

54
00:04:31,890 --> 00:04:34,470
and common security misconfigurations.

55
00:04:35,160 --> 00:04:41,190
It's only for Microsoft systems, and we have to say that it's not an overall vulnerability scanner at

56
00:04:41,190 --> 00:04:41,610
all.
57
00:04:41,940 --> 00:04:47,520
But no matter what, if you have Windows systems in your network, it would be better if you use Microsoft

58
00:04:47,520 --> 00:04:49,020
Baseline Security Analyzer.

59
00:04:50,570 --> 00:04:58,250
Nexpose is a commercial tool developed by Rapid7, which are the producers of the Metasploit Framework.

60
00:04:59,330 --> 00:05:04,610
It is a vulnerability scanner which aims to support the entire vulnerability management lifecycle,

61
00:05:05,150 --> 00:05:13,250
including discovery, detection, verification, risk classification, impact analysis, reporting and

62
00:05:13,250 --> 00:05:14,030
mitigation.

63
00:05:14,360 --> 00:05:18,230
It integrates with Metasploit for vulnerability exploitation.

64
00:05:19,870 --> 00:05:26,620
OpenVAS is an open source vulnerability scanner that was forked from the last free version of Nessus

65
00:05:26,860 --> 00:05:29,980
after that tool went proprietary in 2005.

66
00:05:31,180 --> 00:05:37,960
SAINT is a commercial vulnerability assessment tool. Like Nessus, it used to be free and open source,

67
00:05:37,960 --> 00:05:39,790
but is now a commercial product.

68
00:05:40,240 --> 00:05:45,970
Unlike Nexpose and Qualys, SAINT runs on Linux and Mac OS X.

69
00:05:46,330 --> 00:05:53,230
In fact, SAINT is one of the few scanner vendors that don't support or run on Windows at all.

70
00:05:54,510 --> 00:05:55,950
GFI LanGuard

71
00:05:56,890 --> 00:06:03,370
is a network security and vulnerability scanner designed to help with patch management, network and software

72
00:06:03,370 --> 00:06:05,830
audits and vulnerability assessments.

73
00:06:06,730 --> 00:06:09,910
The price is based on the number of IP addresses you wish to scan.

74
00:06:10,600 --> 00:06:15,010
A free trial version for up to five IP addresses is available.

75
00:06:16,550 --> 00:06:22,910
QualysGuard is a popular cloud-based SaaS (software as a service) vulnerability management offering.
76
00:06:22,910 --> 00:06:29,540
Its web-based UI offers network discovery and mapping, asset prioritization, vulnerability assessment

77
00:06:29,540 --> 00:06:33,620
reporting and remediation tracking according to business risk.

78
00:06:34,660 --> 00:06:42,070
Secunia Personal Software Inspector is a free security tool designed to detect vulnerable and outdated

79
00:06:42,070 --> 00:06:45,430
programs and plug-ins that expose your PC to attacks.

80
00:06:46,520 --> 00:06:52,850
Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional antivirus programs.

81
00:06:53,210 --> 00:07:00,710
Secunia PSI checks only the machine it is running on, while its commercial sibling Secunia CSI, Corporate

82
00:07:00,710 --> 00:07:01,970
Software Inspector,

83
00:07:02,150 --> 00:07:08,360
I know what you TV fans are thinking, anyway, that scans multiple machines on a network.

84
00:07:09,860 --> 00:07:16,190
So a vulnerability database is a platform aimed at collecting, maintaining and disseminating information

85
00:07:16,190 --> 00:07:20,270
about discovered vulnerabilities targeting real computer systems.

86
00:07:20,930 --> 00:07:26,900
The database will customarily describe the identified vulnerability, assess the potential infliction

87
00:07:26,900 --> 00:07:31,850
on computer systems and the workaround required to assist a hacker.

88
00:07:32,090 --> 00:07:35,720
Now here are the most known vulnerability databases.

89
00:07:37,730 --> 00:07:44,450
Open Sourced Vulnerability Database, OSVDB, was an independent and open source database.

90
00:07:45,740 --> 00:07:51,860
The goal of the project was to provide accurate, detailed, current and unbiased technical information

91
00:07:51,860 --> 00:07:53,480
on security vulnerabilities.

92
00:07:54,200 --> 00:07:59,210
The project promoted greater and more open collaboration between companies and individuals.
93
00:08:00,020 --> 00:08:07,250
The project was started in August 2002 at the Black Hat and DEFCON conferences by several industry notables.

94
00:08:07,670 --> 00:08:10,070
On the 5th of April 2016,

95
00:08:10,100 --> 00:08:13,790
the database was shut down, although the blog will continue.

96
00:08:15,110 --> 00:08:21,290
The National Vulnerability Database is the U.S. government repository of standards-based vulnerability

97
00:08:21,290 --> 00:08:26,660
management data represented using the Security Content Automation Protocol, SCAP.

98
00:08:27,900 --> 00:08:34,380
This data enables automation of vulnerability management, as well as security measurement and compliance.

99
00:08:35,500 --> 00:08:42,550
NVD includes databases of security checklists, security-related software flaws, misconfigurations,

100
00:08:42,550 --> 00:08:45,190
product names and impact metrics.

101
00:08:47,010 --> 00:08:53,580
CVEdetails.com is a free CVE security vulnerability database information source.

102
00:08:54,450 --> 00:09:01,680
You can view CVE vulnerability details, exploit references, Metasploit modules, a full list of vulnerable

103
00:09:01,680 --> 00:09:07,290
products and CVSS score reports and vulnerability trends over time.

104
00:09:08,250 --> 00:09:15,780
CVE, Common Vulnerabilities and Exposures, is the system that provides a reference method for publicly

105
00:09:15,780 --> 00:09:19,110
known information security vulnerabilities and exposures.