Vulnerability Assessment Tools

Time
10 hours 25 minutes
Difficulty
Beginner
CEU/CPE
11
Video Transcription
00:00
>> Hi, everyone. Welcome back to the course.
00:00
In the last video, we talked about
00:00
the vulnerability management life cycle.
00:00
In this video, we're going to talk about
00:00
some different tools around vulnerabilities.
00:00
So we'll talk about some tools.
00:00
I want to mention that it's not
00:00
an endorsement of these tools and then
00:00
we're also going to talk about the basic types
00:00
of vulnerability assessment tools.
00:00
We'll also talk through CVSS, CVE, and NVD.
00:00
So we'll actually learn what those will
00:00
stand for in this particular video.
00:00
Let's talk through the different types
00:00
of vulnerability assessment tools.
00:00
We have host-based.
00:00
This one is pretty self-explanatory.
00:00
This is going to run on
00:00
your particular host computer or host system,
00:00
and this one basically helps us identify
00:00
what operating system are you using
00:00
and what kinds of
00:00
vulnerabilities are for that operating system.
00:00
Scope is going to be basically also testing
00:00
for vulnerabilities in the operating systems
00:00
as well as general applications.
00:00
The depth type of assessment tool
00:00
is going to look for previously unknown vulnerabilities.
00:00
These are things like your fuzzing tools.
00:00
Fuzzing is really an art and more advanced topic,
00:00
but basically depth is that type of tool
00:00
where we're looking at
00:00
the actual code and
00:00
trying to see if we can find vulnerabilities.
00:00
Generally speaking, it's more of a
00:00
static type of process.
00:00
We're looking at the actual code versus us
00:00
trying to run the code and see what happens.
00:00
We've got application layer.
00:00
This one is normally where we're focused more on
00:00
the web servers or the databases.
00:00
That's what we're talking about.
00:00
The application layer tools,
00:00
active versus passive scanning.
00:00
Again, active scanners are
00:00
actually checking various systems,
00:00
etc., that are consuming resources on the network.
00:00
They're doing the vulnerability scanning against those,
00:00
and then passive scanners don't really
00:00
have an impact like active scanners do on your network.
00:00
It's not going to eat up a lot of resources,
00:00
but you could still find
00:00
some general information about
00:00
what's going on in the system.
00:00
Let's talk about CVSS,
00:00
CVE, and NVD.
00:00
You might have heard some of
00:00
this terminology in the media,
00:00
especially around if they're like,
00:00
"Microsoft released a patch for CVE 5008.6," or whatever.
00:00
What we're basically talking about here is
00:00
the CVSS is a common vulnerability scoring system.
00:00
The CVSS basically gives us an open framework.
00:00
It allows us to see some characteristics or communicate
00:00
characteristics and the actual impact of
00:00
different vulnerabilities that are
00:00
out there or that we're finding out there.
00:00
They've got a rating system. It basically
00:00
goes from zero which is
00:00
no severity whatsoever for obvious reasons.
00:00
It's zero and then it goes up to 10 for the critical.
00:00
Basically it goes from nothing is going on
00:00
versus 10 being the most critical.
00:00
This is really good because it also
00:00
explains what are some of
00:00
the underlying characteristics that
00:00
caused that score to be the score.
00:00
It's a really good resource
00:00
for you to learn about vulnerabilities and
00:00
learn about how it's rated on severity,
00:00
what kind of impact a certain vulnerability can have.
00:00
It's a really good resource to go to.
00:00
Again, Common Vulnerability Scoring System or CVSS.
00:00
Then CVE is a common vulnerabilities and exposures.
00:00
Again, these are the things that you're going to see
00:00
when you hear about
00:00
a patch for Microsoft Windows or you go update software,
00:00
like on your iPhone or something.
00:00
It might say updating for CVE, whatever.
00:00
Usually you see that when
00:00
you're updating Windows software.
00:00
But that's what we're talking about there.
00:00
It's common vulnerabilities and
00:00
exposures and essentially it's a,
00:00
for lack of better words, a dictionary.
00:00
It's a dictionary of certain identifiers
00:00
around like common vulnerabilities
00:00
that we see or exposures and it really,
00:00
it's more around like the publicly known types of things.
00:00
That's why you see CVE,
00:00
whatever and then Microsoft releases a patch for it.
00:00
So it's known stuff.
00:00
The CVE database isn't going to have zero-day attacks.
00:00
So attacks that people are just finding that
00:00
haven't been publicly known in some capacity.
00:00
It's not going to have those usually,
00:00
it's just going to be things that are publicly known.
00:00
Then NVD is just a National Vulnerability Database.
00:00
This has got a lot of resources.
00:00
There's a database of
00:00
security checklists that you can reference,
00:00
there's listings of various
00:00
software flaws or vulnerabilities,
00:00
there's information about misconfigurations,
00:00
different product names that are affected.
00:00
Maybe there's a router or something that's
00:00
vulnerable and then we'll like impact.
00:00
What is the actual impact that type of
00:00
vulnerability has been having across the board?
00:00
I want to stress the NVD is
00:00
a US government sponsored thing or agency.
00:00
So just keep that in mind.
00:00
Depending on where you are in
00:00
the world listening to this,
00:00
you may or may not be able to get access to that.
00:00
So just be mindful of that.
00:00
Let's talk through some common tools that are in use.
00:00
Again, this is not an endorsement,
00:00
and this is definitely not an exhaustive list.
00:00
There's a lot of different tools out there.
00:00
Nessus professional version and there's a free version,
00:00
but the professional version is one I know a lot
00:00
of organizations are using along with Qualys as well.
00:00
Many of the organizations I'm familiar with are using
00:00
multiple applications to run
00:00
vulnerability scans because you can't disrupt one.
00:00
You need multiple resources to use.
00:00
Nikto is for the web, so websites.
00:00
Basically you see these vulnerabilities on
00:00
web servers, web applications.
00:00
OpenVAS is another popular one. It's free.
00:00
So it's a really popular one
00:00
for people that are trying to
00:00
learn a little bit more about vulnerability scanning.
00:00
In fact, in our labs,
00:00
you're going to be using OpenVAS.
00:00
You're also going to be using another one called Core
00:00
Impact to practice some hands-on skills.
00:00
Just another quick quiz question for you.
00:00
CVE provides a list of product names,
00:00
software flaws, and impact metrics.
00:00
Is that true or false? We know that's false.
00:00
Again, the NVD,
00:00
the National Vulnerability Database,
00:00
that's the one that provides
00:00
that list of product names that were affected.
00:00
Various software flaws and vulnerabilities,
00:00
impact metrics and a ton of
00:00
other resources that will
00:00
be very beneficial to you as you're learning.
00:00
In this video,
00:00
we just covered vulnerability assessment tools.
00:00
Again, we talked about some of
00:00
the types of tools and then we've talked
00:00
about some of the common ones that
00:00
you might see out there in the industry.
00:00
We also talked through CVSS, CVE, and NVD.
00:00
In the next module,
00:00
as I mentioned before, Module 2,
00:00
is going to be hands-on.
00:00
In the next couple of videos,
00:00
you're going to notice that I'll walk you through
00:00
the first two labs and then
00:00
I'll set you free for lack of better words and
00:00
you'll be able to go through the labs on your own.
00:00
I will have an overview video where I just talk
00:00
about this lab you're doing these things,
00:00
but I won't walk you through it step-by-step.
00:00
If you haven't downloaded the resources yet,
00:00
be sure to go to the Resource tab
00:00
on this course and download
00:00
those because you will find
00:00
step-by-step lab guides for all of those labs in there.