Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability Assessment 2012 BackTrack Workshop Upstate ISSA Chapter.

Published byBranden Wilkinson Modified over 7 years ago

Similar presentations

Presentation on theme: "Vulnerability Assessment 2012 BackTrack Workshop Upstate ISSA Chapter."— Presentation transcript:

1 Vulnerability Assessment 2012 BackTrack Workshop Upstate ISSA Chapter

2 Agenda Performing Vulnerability Assessments System VA Tools Web App Scanners

3 Performing Vulnerability Assessments Identify and catalog potential vulnerabilities Associate level of risk with each potential vulnerability Examine possible attack vectors and attack chains to determine probability Prioritize remediation efforts

4 Associating Risk Level

5 System VA Tools OpenVAS  Now with Greenbone! Nessus NeXpose

6 OpenVAS Configuring OpenVAS Running an OpenVAS Scan Greenbone Security Assistant

7 Configuring OpenVAS 1. Add an OpenVAS user 2. Create the OpenVAS server certificate 3. Synchronize OpenVAS database 4. Start the OpenVAS scanner 5. Check the OpenVAS configuration openvas-check-setup

8 Configuring OpenVAS 6. Configure OpenVAS Manager openvas-mkcert-client –n om –i 7. Rebuild OpenVAS Database openvasmd –rebuild 8. Add OepnVAS Admin Openvasad –c ‘add_user’ –n openvasadmin –r Admin

9 Configuring OpenVAS 9. Start the OpenVAS Manager openvasmd –p 9390 –a 127.0.0.1 10. Start the OpenVAS Administrator openvasad –a 127.0.0.1 –p 9393 11. Start the Greenbone Security Assistant gsad –http-only –listen=127.0.0.1 –p 9392

10 Greenbone Security Assistant

11

12

13 Nessus Installing Nessus on BackTrack Default Nessus Scan Customizing Nessus Policies

14 Installing Nessus on Backtrack Download Nessus Ubuntu Source from www.nessus.org www.nessus.org Install Nessus dpkg –i Nessus-5.0.1-ubuntu910_i386.deb Verify Nessus version nessus-fetch --version Register your serial number nessus-fetch –register SERIAL-NUMBER

15 Default Nessus Scan

16

17

18 Customizing Nessus Policies

19 NeXpose Community edition for up to 32 IPs

20 Web App Scanners nikto w3af

21 nikto./nikto.pl –h 192.168.1.112

22 w3af

23 Bookmarks openvas.org tenable.com rapid7.com securitystreet.com owasp.org cyberarms.wordpress.com

Download ppt "Vulnerability Assessment 2012 BackTrack Workshop Upstate ISSA Chapter."

Similar presentations

Annotated User Input Screens from EM Oracle Custom Install Install.

Annotated User Input Screens from EM Oracle Custom Install Install.
Configuring Windows to run Dr.Web scanner remotely.

Configuring Windows to run Dr.Web scanner remotely.
Self-Validation Tech Guide

Self-Validation Tech Guide
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Vulnerability Assessments with Nessus 3 Columbia Area LUG January 10 2007.

Vulnerability Assessments with Nessus 3 Columbia Area LUG January
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
OpenVAS Vulnerability Assessment Group 5 Igibek Koishybayev; Yingchao Zhu ChenQian; XingyuWu; XuZhuo Zhang.

OpenVAS Vulnerability Assessment Group 5 Igibek Koishybayev; Yingchao Zhu ChenQian; XingyuWu; XuZhuo Zhang.
SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.

SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Installing Ricoh Driver. Items you need to know IP address of Printer Options that are installed And Paper Sizes To get all this information you can print.

Installing Ricoh Driver. Items you need to know IP address of Printer Options that are installed And Paper Sizes To get all this information you can print.
Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Securing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter.

BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter.
1 GFI LANguard N.S.S VS NeWT Security Scanner Presented by:Li,Guorui.

1 GFI LANguard N.S.S VS NeWT Security Scanner Presented by:Li,Guorui.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.
Security Overview for Microsoft Infrastructures Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security.

Security Overview for Microsoft Infrastructures Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security.

Similar presentations

Ads by Google