Basic Security Testing with OpenVAS and Penetration Testing
What you'll learn
- Installation and management of OpenVAS/GVM
- Complete host scan, server scan and database scan with OpenVAS/GVM.
- Behind the scenes of vulnerability scanning with OpenVAS.
Requirements
- Basics of TCP/IP model
- Knowledge of Windows fundamentals
Description
OpenVAS/GVM is a fully-featured vulnerability scanner, but it’s also one component of the larger “Greenbone Security Manager” (GSM).
OpenVAS dates back to 2009 and the project is maintained by a commercial/open-source company. With its focus on the enterprise market and its long history, any risks of enterprises adopting a technology that might become abandoned are greatly reduced.
Here are some notable positives of OpenVAS/GVM:
- Has a long history (since 2009) with daily updates and over 50,000 vulnerability tests
- Is backed by an enterprise software-security company
- Can perform various types of authenticated/unauthenticated tests
- Supports a variety of high- and low-level Internet and industrial protocols
- Has an internal programming language that can be used for implementing custom vulnerability tests
Vulnerability scanning is one of the foundations of standard enterprise security. An enterprise with a good security posture will have a firewall, some type of asset mapping, a vulnerability scanner and possibly even a security team that does some type of pentesting. Keep in mind that this list is not exhaustive; it is only a rudimentary outline of an enterprise with a few good security measures in place.
Vulnerability scanners, in particular, are critical for ensuring that any threats that may have made it past the firewall are picked up before they can infect and destroy entire networks.
The enterprise/proprietary vulnerability scanner market is filled with competitors (such as QualysGuard or Nessus), and while some companies prefer running proprietary enterprise scanners, there are also many companies that prefer using collective intelligence and open source scanners.
One such product is OpenVAS (now renamed Greenbone Vulnerability Management or GVM). In this post we’ll refer to OpenVAS/GVM interchangeably, as the old name is still used to identify the software.
Who this course is for:
- Security analysts who want to scan their complete infrastructure, including network, database and web applications
- Cybersecurity or infosec engineers who want to learn web application scanning in detail with Nessus Scanner
Instructor
9 assertive years in information security have led me to do one thing: Build InfoSec solutions that actually work.
He has worked with organizations such as HP Enterprise, Alcatel-Lucent and Reliance Communications.
He is currently working as Principal Consultant at Tesseract Global and helps businesses make security possible by enabling visibility, engagement, and leadership.
Diverse security leadership experience, including roles in operations, system integration, security architecture, project management, identity and access management, business continuity planning, IT risk management and information security.
He has delivered multiple assignments on Cyber Security, Payments, PCI DSS, SSAE16, ISO20000, BS25999, ISO 27001, Secure Architecture Design & Solution Implementation, IT Security & Risk Management, IT Audit, Advisory & Assurance and Business Process & Controls Improvement for enterprises in the United States, Singapore, India, UAE & UK.