Vulnerability scanning plays a crucial role in an organization's cybersecurity strategy by automating the process of identifying potential security weaknesses within the systems, networks and applications. This automated process helps organizations proactively detect vulnerabilities, misconfigurations, outdated software and missing patches before they can be exploited by attackers. Using specialized tools, vulnerability scanning highlights security risks that could otherwise go unnoticed, making it an essential part of understanding the organization's security posture and developing a strategy to mitigate the risks. For example, a company might initiate a network-wide vulnerability scan. Of course, they can use Nmap, but it would be like a manual process. They can actually automate it using Python and bash shell scripting in order to automate things with their Nmap; otherwise they can use tools like Nessus, OpenVAS or Qualys. These tools scan for unpatched systems or outdated software that could be vulnerable to exploitation, like we saw with Nmap. The team would then prioritize patching or upgrading the software to prevent exploitation. Similarly, vulnerability scanning can uncover other critical issues like open ports, weak passwords, configuration issues and so on.

From a technical standpoint, vulnerability-scanning tools operate by comparing the target system against a comprehensive database of known vulnerabilities. These databases typically contain information from reputable resources such as the CVE (Common Vulnerabilities and Exposures) and the NVD (National Vulnerability Database). These databases serve as a foundation for identifying known threats. The tools scan the target system using a combination of techniques, including network-based checks, file system inspections, and software behavior analysis. Some vulnerability scanners even support credentialed scans, where the tool gains deeper insights into the system by logging into the system and examining configurations or checking for missing patches and outdated versions of the software. One of the advantages of vulnerability scanning is the automation: the ability to be scheduled at regular intervals, allowing organizations to maintain up-to-date security assessments. This ensures that any new vulnerabilities or emerging threats are detected early. However, while the scanning process itself is automated, manual intervention remains necessary. Security professionals are required to assess complex issues that may arise, interpret the findings, and take appropriate action to remediate the vulnerabilities.

For example, interpreting the impact of a discovered vulnerability, determining whether it needs immediate attention, and implementing the necessary fixes all require the expertise of cybersecurity professionals. Vulnerability scanning is a multi-faceted process that can be categorized into three primary types: network-based, application-based, and host-based scanning. Each type targets a different layer of an organization's infrastructure with a specific focus on identifying potential security vulnerabilities at that layer. These scans are critical for providing comprehensive security assessments, ensuring that all components of an organization's environment are adequately protected. In network-based scanning, the focus is on identifying vulnerabilities within devices and systems connected to the network. This scan is essential for discovering issues such as open ports, misconfigured firewall rules, or unpatched network devices that could be exposed to attacks. Tools like Nessus, Nmap or Qualys are commonly used for network-based scanning. These tools assess public IP addresses, scanning for vulnerabilities that could be exploited through the network.

For example, the network scan might detect an open port on a server that should be closed, or identify an outdated router with known security flaws. This type of scan is crucial for understanding the network's exposure and securing its perimeter. Application-based scanning, on the other hand, targets web applications and their underlying software. It focuses on identifying security flaws in the code or logic of applications that could be exploited by attackers. This type of scanning is often carried out using tools like OWASP ZAP or Burp Suite by PortSwigger. These tools are designed to detect common web application vulnerabilities, including SQL injection, cross-site scripting or insecure APIs. For instance, an application scan might identify a web page that is vulnerable to SQL injection, allowing attackers to access or manipulate the underlying database. Application-based scanning is vital because vulnerabilities in applications can be the gateway for attackers to compromise the systems of the organization. Lastly, host-based scanning focuses on the individual systems within the organization, such as servers, workstations and other endpoints.

This type of scanning ensures that the systems are securely configured, up to date with security patches, and have no missing or outdated software versions that could be exploited. Host-based scanning tools like OpenVAS or the Microsoft Baseline Security Analyzer connect to systems or use agents to assess the configurations and software versions that are installed inside the hosts. For example, a host scan might reveal that a server is running an outdated version of VirtualBox or a web server exposed to vulnerabilities. Host-based scanning also checks for weak access controls, configuration issues, security hardening and insecure configurations, ensuring the systems are properly hardened against attacks. Technically, each scanning method uses different techniques to gather and analyze data. Network-based scans often employ techniques such as banner grabbing, SYN scans and vulnerability signatures. Banner grabbing involves collecting information from services running on the open ports, such as software versions or operating systems, to identify known vulnerabilities.

Application-based scans typically inspect HTTPS/HTTP traffic, looking for vulnerabilities in the code or logic of the web applications using code analysis. This scan can identify issues like improper input validation in the source code, weak session management, and insecure authentication methods. Host-based scans, on the other hand, connect to a system. They are focused on the operating system and rely on an agent installed on the system to check for missing patches, insecure configurations and outdated software versions. These scans may also assess system logs, user permissions and other system-level settings that come into the host analysis. While network-based scans are generally considered less intrusive, application-based and host-based scans can provide more granular, in-depth details but may require more access and permissions to the hosts. Application-based and host-based scans often need authenticated access to the systems to accurately assess their configuration and security posture, while network-based scanning can be enabled globally in a more centralized way.

Network-based scanning is usually conducted from the outside and doesn't require as much access to the internal systems, making it a less risky operation in terms of system intrusion; however, the network might be affected because of the high traffic.