How a network vulnerability scanner works?

A vulnerability assessment is a key responsibility of any IT security team or managed security service provider. It helps to report on any security vulnerabilities that exist in an organisation’s system and software.

Vulnerabilities can be managed only if they have been discovered and identified. RedSpam offers two distinct scanning engines designed to test Web Applications and computer systems for vulnerabilities.

RedSpam Security Assessment Step-by-Step

1. Online reconnaissance:

The assessment performs online reconnaissance to gather information related to the site that is publicly available in search engines and other online indexing services.

2. Application scanning:

The next step is to map out the application using a sophisticated crawling engine. This crawler combines traditional web scraping with a browser-based crawler which implements artificial intelligence (AI) to mimic typical application use behaviour.

3. Methodical security testing

This “Mapped Attack Surface” enumerated during the initial phases of the scan, is then subject to methodical security testing. Generally, this assessment process works by taking each user-supplied data component, such a form filed of the query string parameter. Then, it includes a specific test case before submitting it to the server. Based on the application response, further test cases are then submitted through the same method to confirm the vulnerability.

Which component is not covered within the application scanning phase?

The infrastructure scan begins by port scanning each host to identified accessible services. Each service is probed for vulnerabilities such as missing security patches, configuration weakness and information disclosure vulnerabilities.

What are the common vulnerabilities detected in a scan?

The most common vulnerabilities detected during the web application scan include:

  • Injection flaws (SQL, NoSQL, XML)
  • Code and Command injection
  • Cross-Site Scripting
  • Other vulnerabilities arising from insecure code

Common vulnerabilities detected during the infrastructure scanning phase include missing operating system patches, weak administrative passwords, and access control vulnerabilities.

If the target system is hosted within Amazon Web Services, Google Cloud or Azure, specific configuration assessment modules are launched to identify common configuration weaknesses.

How is the risk calculated?

Once you’ve scanned your assets for vulnerabilities, you need to develop a response plan that describes the vulnerabilities and their potential impact on your environment, and then decide which issues to remediate first. Key findings are ranked and positioned according to the relative risk or probability of exploitation. Vulnerabilities are split into 3 impact categories: high, medium, and low.

Risk is calculated by comparing the impact vs the probability of exploit which is represented using colour coding.

Doing this efficiently requires expert knowledge of not only the exploit methods but the affected systems as well.

RedSpam addresses this pain point by providing a unified and easy-to-use platform that includes both asset discovery and network vulnerability scanning tools.

If you want to discover the weaknesses of a given system, contact us to undertake a FREE vulnerability scan with AppCheck or simply click the button below.