Chapter 14. Automated Vulnerability Detection

Vulnerability assessment tools, also known as scanners, should be part of any good penetration tester’s toolkit and should certainly be part of security management practices. In some circles, scanners have a bad name because consultants misuse them. Many people have been in the practice of running a commercial scanning tool, reformatting the results, and selling those results to customers as a penetration test. However, running a scanning tool is only the first step of conducting a thorough penetration test. To really get to the bottom of what the information means, you have to follow up. The scanner might find the initial hole, but you need to do the rest of the work yourself—for example, that share ...

Get Assessing Network Security now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.