Thursday, January 01, 2009

Vulnerability Assessment | OpenVAS

From time to time we would like to audit our servers or do a vulnerability scan before moving a server to a production environment, and most of the time we don't have the budget or resource to pay for expensive comprehensive vulnerability scanner, that is where OpenVAS comes in OpenVAS stands for Open Vulnerability Assessment System is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications, OpenVAS products are Free Software under GNU GPL and a fork of Nessus another great free vulnerability scanner. Anyway OpenVAS Server currently only runs on Linux platform, but you can run the client on Windows XP with SP2 machines.

Learn More about OpenVAS here

Tech Blog's Quick List of other how to below:

1 comment:

Peter said...

I would argue that OpenVas is a "comprehensive" vulnerability scanner. It really isn't quite up there with commercial options when it comes to fancy report / interface but with some tuning you can get excellent results. The plugins are getting better all the time too, so be sure to let the maintainers know of any plugin problems.

You can always add some bling to the report before you pass it on to management. ;)

For suggestion and concerns E-mail