Vulnerability scanning and analysis is the process that detects and assesses the vulnerabilities that exist within a network infrastructure.
To prevent security breaches, it is important to identify and remediate security holes and vulnerabilities that can expose an asset to an attack.
You can use Nexpose to scan a network for vulnerabilities.
Nexpose identifies the active services, open ports, and running applications on each machine, and it attempts to find vulnerabilities that may exist.
Nexpose discloses the results in a scan report, which helps you prioritize vulnerabilities based on risk factors and determine the most effective solution to implement.
Introduction to Vulnerability Scanning and Reporting
In this session, we will learn how to run a vulnerability scan using Nexpose and how to generate vulnerability reports.
Nexpose - What is it?
Rapid7 Nexpose is a vulnerability scanner that aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitation. It is sold as standalone software, an appliance, a virtual machine, or as a managed service or private cloud deployment. User interaction is through a web browser. There is a free but limited community edition as well as commercial versions, which start at $2,000 per user per year.
You can download it from-
Nexpose is one of the leading vulnerability assessment tools. It operates across physical, virtual, cloud and mobile environments to discover the active services, open ports and running applications on each machine, and it tries to identify vulnerabilities that may exist based on the attributes of the known services and applications. Nexpose discloses the results in scan reports, which help to prioritize the vulnerabilities based on the risk factor and to determine the most effective solution to implement.
Some Terminology
Asset - A host on a network
Site - A logical group of assets that has a dedicated scan engine
Scan Template - A template that defines the audit level that Nexpose uses to perform a vulnerability scan
Local Scan Engine - Scan Engines are responsible for performing scan jobs on your assets


