Tuesday, March 7, 2017

Network Vulnerability Scanners

There are many network vulnerability scanners out there.  Many of them are poor quality.  For instance, one particular tool lists hundreds of vulnerabilities for a service running on the network simply because the version banner states it is a certain version.  These tools do not check for a vulnerability.

That's right.  Many of these tools do not check for a vulnerability.  Instead they look at the version number on an Apache web server or a MySQL server and then list hundreds of false positives.  The version number could be incorrect and/or patches may have been backported.  This is no different from static code analyzers that try to impress users with thousands of findings in fancy demonstrations, most of which are false positives.
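To make that failure mode concrete, here is an added Python example (not from the original post) that mimics what a banner-only scanner does: it parses a version banner, compares it against a constructed advisory table with placeholder identifiers and illustrative fix versions, and, from the defender's side, tags every such result as unverified, with distro-suffixed versions flagged as likely backports and a hidden banner yielding nothing at all.

```python
import re

# Constructed advisory table for illustration only: placeholder ids, and the
# "fixed in" versions are assumptions, not real advisory data.
ADVISORIES = {
    "Apache": [("EXAMPLE-ADV-1", (2, 4, 25))],
    "OpenSSH": [("EXAMPLE-ADV-2", (7, 4))],
}

# Matches "Apache/2.4.18 ..." or "OpenSSH_7.2p2 ..." and keeps the trailing text.
BANNER_RE = re.compile(r"(Apache|OpenSSH)[/_](\d+(?:\.\d+)*)(.*)")
DISTRO_RE = re.compile(r"Debian|Ubuntu|el\d|deb\d")

def parse_banner(banner):
    """Return (product, version tuple, suffix) or None if no version is exposed."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    product, version, suffix = m.groups()
    return product, tuple(int(x) for x in version.split(".")), suffix

def banner_findings(banner):
    """What a naive scanner does: flag every advisory whose fix version is
    newer than the advertised version. No request is ever made to verify it."""
    parsed = parse_banner(banner)
    if parsed is None:
        return []
    product, version, _ = parsed
    return [adv for adv, fixed_in in ADVISORIES.get(product, [])
            if version < fixed_in]

def triage(banner):
    """Defender's view of a banner-only finding.
    'unverified-likely-backport': distro-tagged build, fix may be backported.
    'unverified': still needs an actual check before it counts.
    'no-banner-match': banner hidden or unknown, scanner sees nothing."""
    hits = banner_findings(banner)
    if not hits:
        return "no-banner-match"
    suffix = parse_banner(banner)[2]
    if DISTRO_RE.search(suffix):
        return "unverified-likely-backport"
    return "unverified"

if __name__ == "__main__":
    for b in ("Server: Apache/2.4.18 (Ubuntu)", "Server: Apache",
              "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8", "SSH-2.0-OpenSSH_7.2p2"):
        print(f"{b!r}: {banner_findings(b)} -> {triage(b)}")
```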

These tools are a waste of time and energy.  Get yourself a real tool that actually does a vulnerability check.