Software Testing - Vulnerability Testing

TestingGeek
Learn, Share and Keep Learning

Coming Soon
More technical articles
More Automation Tips

Case Studies

Testing Articles

Question & Conversation

Testing Challenges

More On Testing

Testing Measurement

Video Tutorials

Advertise With Us

Comments & Feedback

Vulnerability Testing

Vulnerability scanners take the concept of a port scanner to the next level. Like a port scanner, a vulnerability scanner identifies hosts and open ports, but it also provides information on the associated vulnerabilities. Most vulnerability scanners also attempt to provide information on mitigating discovered vulnerabilities.

Vulnerability scanners can also help identify out-of-date software versions, applicable patches or system upgrades, and validate compliance with, or deviations from, the organization's security policy. To accomplish this, vulnerability scanners identify operating systems and major software applications running on hosts and match them with known exposures. Scanners employ large databases of vulnerabilities to identify flaws associated with commonly used operating systems and applications.

However, vulnerability scanners have some significant weaknesses. Generally, they only identify surface vulnerabilities and are unable to address the overall risk level of a scanned network.

Since vulnerability scanners require more information than port scanners to reliably identify the vulnerabilities on a host, vulnerability scanners tend to generate significantly more network traffic than port scanners. Another significant limitation of vulnerability scanners is that they rely on constant updating of the vulnerability database in order to recognize the latest vulnerabilities.

Vulnerability scanners can be of two types: network-based scanners and host-based scanners. Network-based scanners are used primarily for mapping an organization's network and identifying open ports and related vulnerabilities. In most cases, these scanners are not limited by the operating system of targeted systems. The scanners can be installed on a single system on the network and can quickly locate and test numerous hosts. Host-based scanners have to be installed on each host to be tested and are used primarily to identify specific host operating system and application misconfigurations and vulnerabilities.

Recent Updates

A Cautionary Tale..
Pattern for automated testing of web applications
Guerrilla Testing Tips
One CPU better than two
Is It Really Done?
Exploratory Testing

Read More

Accessibility API Testing Article Backword BigBang Blackbox Blog Bottomup Boundary CaseStudies Certification DefectReport DistanceTest Equivalence FitNesse Geeks Graybox Guerrilla Testing Tips GUI HTA Humor Hybrid Internationalization Installation Integration Is it done? JUnit Measurement Mercury Quality Centre News One CPU better than two Patent PatternForAutomation Performace Checklist Rational Test Suite Regression Requirement Verification Research Rational Functional Tester Security Selenium SilkTest System Testing Templates TestComplete Tools Testing Types Testing Tools In News Testing Terms In News Testometer Test Plan TG Tips For Automation Top Down Integration Trait UAT UI Testing CheckList Unit Testing Usability VMWare Web Application Security Web Application Testing Checklist Whitebox Testing

Disclaimer | Privacy Policy | g e e k AT T e s t i n g G e e k DOT c o m
� Copyright 2008, www.TestingGeek.com