No single assessment tool covers every area that needs to be tested. It is important to understand the goals and objectives of the organization; to gather information about the systems, network, and applications in scope; and then to select the combination of tools that together give comprehensive coverage and to build a plan to correct the security problems that are identified. Testing only one area of a system will not expose all of the vulnerabilities that exist.

Authenticated Scans

Authenticated scans, also referred to as credentialed scans, are performed by supplying the scanner with valid user credentials for the target. Depending on the privilege level of the credentials used, these scans can produce much more detailed and accurate results, because the scanner inspects the host from the inside rather than inferring its state from what is exposed on the network.

Authenticated scans are able to examine system configurations, installed software (including exact versions and patch levels), user-specific settings, access controls, and file permissions.

Because these scans require valid credentials, they take more effort to set up (an account must be provisioned for the scanner, ideally with only the privileges it needs, and its credentials must be protected) and they are more time consuming to run.

Unauthenticated Scans

Unauthenticated scans are performed without supplying any credentials, so they see only what an attacker with network access and no account would see. They are typically run remotely against a public-facing resource such as a web server or web application.

These scans reveal only the potential vulnerabilities that could be exploited without credentialed access. Because they must infer software and versions from banners and other externally visible behaviour, their results are more prone to false positives and false negatives than a credentialed scan. They are typically less resource intensive and quicker to perform.
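The contrast between the two scan types, as an added example in Python that is not part of the original notes. The SSH banner, the sshd_config contents, the file permission bits and the package list are constructed sample data standing in for what a scanner would retrieve: the unauthenticated side can only parse the banner, while the authenticated side reads the service configuration, permission bits and package database directly.

```python
import re
import stat

# Constructed sample data: what an unauthenticated scanner sees from the network ...
UNAUTH_BANNER = "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"

# ... and what an authenticated scanner reads after logging in (also constructed).
SSHD_CONFIG = """\
# constructed sample of /etc/ssh/sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PermitEmptyPasswords no
MaxAuthTries 6
"""
FILE_MODES = {                        # path -> permission bits, as os.stat would report them
    "/etc/shadow": 0o644,             # world-readable password hashes
    "/etc/ssh/ssh_host_rsa_key": 0o600,
}
INSTALLED = {"openssh-server": "1:8.2p1-4ubuntu0.5"}   # exact version from the package database

# Files that must not be readable or writable by group or others.
SENSITIVE_FILES = {"/etc/shadow", "/etc/ssh/ssh_host_rsa_key"}


def unauthenticated_findings(banner):
    """Only inference is possible: the banner gives a product and upstream version,
    not the distribution patch level, so a backported fix cannot be seen."""
    findings = []
    m = re.match(r"SSH-2\.0-OpenSSH_(\d+\.\d+(?:p\d+)?)", banner)
    if m:
        findings.append(("info", f"OpenSSH {m.group(1)} inferred from banner; patch level unknown"))
    return findings


def parse_sshd_config(text):
    """sshd_config semantics: keywords are case-insensitive, '#' starts a comment,
    keyword and value may be separated by whitespace or '=', and the first value
    given for a keyword wins."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        cfg.setdefault(key, value)
    return cfg


def authenticated_findings(config_text, file_modes, installed):
    """Direct inspection: configuration directives, permission bits and exact package versions."""
    cfg = parse_sshd_config(config_text)
    findings = []
    # OpenSSH defaults when the directive is absent: PermitRootLogin prohibit-password,
    # PasswordAuthentication yes.
    if cfg.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append(("high", "sshd: PermitRootLogin yes"))
    if cfg.get("passwordauthentication", "yes") == "yes":
        findings.append(("medium", "sshd: password authentication enabled"))
    for path, mode in file_modes.items():
        if path in SENSITIVE_FILES and mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(("high", f"{path} is mode {mode:04o}; expected 0600 or stricter"))
    for pkg, version in installed.items():
        findings.append(("info", f"{pkg} {version} (exact version read from package database)"))
    return findings


if __name__ == "__main__":
    print("unauthenticated:", unauthenticated_findings(UNAUTH_BANNER))
    print("authenticated:  ", authenticated_findings(SSHD_CONFIG, FILE_MODES, INSTALLED))
```

The unauthenticated view yields one informational line; the authenticated view yields the root-login and password-authentication settings, the world-readable shadow file and the exact package version, none of which are visible from the network.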

Active Scans

An active scan sends probe traffic to the nodes on a network to determine which ports are exposed and which services are listening on them. It can also simulate an attack to test for vulnerabilities. Because it generates traffic, an active scan is visible to the target and its monitoring, and it can disrupt fragile services, so it should be authorized and scheduled in advance. The results of these scans can be used to determine a plan of action for remediating any open vulnerabilities that are discovered.
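A minimal active scan, as an added example in Python that is not from the original notes: a TCP connect probe per port with a banner grab, run concurrently. Because the example must run offline, it stands up two throwaway listeners on 127.0.0.1 that answer with constructed banners, and reserves one port that is closed, then scans all three; the service labels in identify() are an assumption covering only the few protocols the demo knows.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def _serve_banner(srv, banner):
    """Accept a single connection, send the banner and close (stands in for a real service)."""
    srv.settimeout(5)
    try:
        conn, _ = srv.accept()
    except socket.timeout:
        srv.close()
        return
    with conn:
        conn.sendall(banner)
    srv.close()


def start_fake_service(banner):
    """Start a throwaway listener on 127.0.0.1 on an OS-chosen port; returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    threading.Thread(target=_serve_banner, args=(srv, banner), daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """Reserve a port by binding it, then release it so a probe is refused."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe(host, port, timeout=1.0):
    """One active probe: TCP connect, then read whatever the service volunteers.
    Returns None for a closed or filtered port, otherwise the banner text (possibly empty)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        try:
            banner = s.recv(256)
        except socket.timeout:
            banner = b""              # open, but the service waits for the client to speak first
    except OSError:                   # connection refused, timeout, unreachable ...
        return None
    finally:
        s.close()
    return banner.decode("ascii", "replace").strip()


def identify(banner):
    """Map a banner to a service label (assumed labels; only the protocols this demo knows)."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220 "):
        return "ftp/smtp"
    if banner.startswith("HTTP/"):
        return "http"
    return "unknown" if banner else "open, no banner"


def scan(host, ports, workers=16):
    """Probe ports concurrently; returns {port: (service, banner)} for the open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p)), ports))
    return {p: (identify(b), b) for p, b in results if b is not None}


def demo():
    """Stand up two constructed local services plus a closed port and scan all three."""
    ssh = start_fake_service(b"SSH-2.0-OpenSSH_8.2p1\r\n")
    ftp = start_fake_service(b"220 ftp.example.test FTP server ready\r\n")
    shut = closed_port()
    return {"open": {ssh, ftp}, "closed": shut, "found": scan("127.0.0.1", [ssh, ftp, shut])}


if __name__ == "__main__":
    for port, (svc, banner) in sorted(demo()["found"].items()):
        print(f"{port}/tcp open  {svc:14} {banner}")
```

Against a real network the same probe() loop is what makes the scan "active": every connect is a packet the target and its IDS can see, and the connect timeout is what turns a filtered port into a slow scan.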

Passive Scans

A passive scan tries to find vulnerabilities without directly interacting with the target network. It identifies them from the information systems expose in their normal communications, for example by listening on a network tap or SPAN port. Because it sends no traffic, it cannot be detected by or disrupt the target, but it only sees services that are actually in use while it is listening. The scanner can be set to run continuously or at specific times.
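Passive discovery over observed traffic, as an added example in Python that is not part of the original notes. OBSERVED is a constructed set of records standing in for the first bytes of TCP segments seen on a tap (client, server, server port, direction, payload); the hosts, banners and credentials in it are made up. Nothing is sent to any host: the inventory and the findings come entirely from what the systems said to each other.

```python
import base64
from collections import defaultdict

# Constructed records of traffic seen on a tap/SPAN port: (client, server, server_port,
# direction the payload travelled, first bytes of that segment). The scanner sends nothing.
OBSERVED = [
    ("10.0.0.5", "10.0.0.20", 22, "s2c", b"SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n"),
    ("10.0.0.5", "10.0.0.21", 80, "s2c", b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n"),
    ("10.0.0.7", "10.0.0.21", 21, "s2c", b"220 ProFTPD Server ready.\r\n"),
    ("10.0.0.7", "10.0.0.21", 21, "c2s", b"USER alice\r\n"),
    ("10.0.0.7", "10.0.0.21", 21, "c2s", b"PASS hunter2\r\n"),
    ("10.0.0.9", "10.0.0.22", 23, "s2c", b"\xff\xfd\x18login: "),
    ("10.0.0.9", "10.0.0.30", 80, "c2s",
     b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"),
]

CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}


def _text(payload):
    return payload.decode("latin-1")      # keeps telnet's IAC bytes without raising


def fingerprint(port, payload):
    """Best-effort service/version from a server's first bytes, as a passive scanner infers it."""
    t = _text(payload)
    if t.startswith("SSH-"):
        return t.split("\r\n", 1)[0].split("-", 2)[2]      # e.g. "OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"
    if t.startswith("HTTP/"):
        for line in t.split("\r\n"):
            if line.lower().startswith("server:"):
                return line.split(":", 1)[1].strip()
        return "http (no Server header)"
    if t.startswith("220 "):
        return t[4:].split("\r\n", 1)[0]
    if t.startswith("\xff") or port == 23:
        return "telnet"
    return "unknown"


def passive_inventory(records):
    """{server: {port: service}} built purely from what servers said in observed traffic.
    A host that was only ever seen being spoken to does not get an entry."""
    inv = defaultdict(dict)
    for _, server, port, direction, payload in records:
        if direction == "s2c" and port not in inv[server]:
            inv[server][port] = fingerprint(port, payload)
    return dict(inv)


def cleartext_services(inventory):
    """Services on ports that carry credentials and data unencrypted."""
    return sorted((host, port, CLEARTEXT_PORTS[port])
                  for host, ports in inventory.items() for port in ports if port in CLEARTEXT_PORTS)


def cleartext_credential_findings(records):
    """Credentials that crossed the wire in the clear, recoverable by anyone on the path."""
    findings = []
    for client, server, port, direction, payload in records:
        if direction != "c2s":
            continue
        t = _text(payload)
        if port == 21 and t.startswith("PASS "):
            findings.append((server, port, "ftp password sent in the clear", client))
        for line in t.split("\r\n"):
            if line.lower().startswith("authorization: basic "):
                token = line.split(" ", 2)[2]
                user = base64.b64decode(token).decode("utf-8", "replace").split(":", 1)[0]
                findings.append((server, port, f"HTTP Basic credentials for user {user!r} in the clear", client))
    return findings


if __name__ == "__main__":
    inv = passive_inventory(OBSERVED)
    for host, ports in sorted(inv.items()):
        for port, svc in sorted(ports.items()):
            print(f"{host}:{port}  {svc}")
    print(cleartext_services(inv))
    print(cleartext_credential_findings(OBSERVED))
```

Note what the passive view misses: 10.0.0.30 never appears in the inventory because only the client side of that exchange was captured, and no host shows a port that nobody happened to connect to during the capture window.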

Manual Assessments

Sometimes even the best scanning tools and processes will still miss potential vulnerabilities, particularly logic flaws that no automated tool has a signature for. The PenTester should therefore also perform a manual assessment during this phase, reviewing and analyzing systems and applications for security vulnerabilities by hand.

Some examples of manual assessment techniques include the following:

  • Manually reviewing source code or webpage code to identify flaws.

  • Reviewing configuration settings on host systems and servers to identify potential security issues.

  • Testing applications manually to identify vulnerabilities such as cross-site scripting (XSS) and SQL injection, for example by submitting a crafted input and comparing the response against a harmless baseline.

  • Reviewing log files to identify anything out of the ordinary that might point to potential vulnerabilities or misconfigurations. #scanning overview
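The manual application tests from the list above, as an added example in Python that is not from the original notes. Each function comes in the form a source review should flag (input spliced into SQL text, or reflected straight into HTML) and in its hardened form (a bound parameter, or HTML escaping), and a small manual-test routine submits a crafted payload and compares the result against a harmless baseline. The users table and its rows are constructed sample data.

```python
import html
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn, username):
    """The pattern a source review should flag: user input spliced into the SQL text."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Hardened form: the value travels as a bound parameter, never as SQL syntax."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


SQLI_PAYLOAD = "' OR '1'='1"


def manual_sqli_test(finder):
    """Manual test: compare a harmless baseline against a tautology payload.
    Looking up a nonexistent user should return nothing; if the payload returns
    rows instead, the input is reaching the database as SQL."""
    conn = make_db()
    baseline = finder(conn, "nobody")
    with_payload = finder(conn, SQLI_PAYLOAD)
    return {"baseline_rows": len(baseline), "payload_rows": len(with_payload),
            "injectable": len(with_payload) > len(baseline)}


def greet_vulnerable(name):
    """Reflects input straight into HTML."""
    return f"<p>Hello, {name}!</p>"


def greet_safe(name):
    """Hardened form: html.escape neutralises <, >, & and both quote characters."""
    return f"<p>Hello, {html.escape(name)}!</p>"


XSS_PAYLOAD = '<img src=x onerror="alert(1)">'


def manual_xss_test(renderer):
    """Manual test: does the payload come back as markup, or as inert text?"""
    out = renderer(XSS_PAYLOAD)
    return {"reflected_unescaped": XSS_PAYLOAD in out, "output": out}


if __name__ == "__main__":
    for label, fn in [("vulnerable", find_user_vulnerable), ("safe", find_user_safe)]:
        print(f"SQL {label}: {manual_sqli_test(fn)}")
    for label, fn in [("vulnerable", greet_vulnerable), ("safe", greet_safe)]:
        print(f"XSS {label}: {manual_xss_test(fn)}")
```

The baseline comparison is the part that makes this a test rather than a guess: the vulnerable finder returns every row for the payload where the baseline returned none, while the parameterised finder treats the payload as an (unmatched) username and returns nothing.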