- Vulnerability Scanner
  - Automated tools and programs that scan for security vulnerabilities.
- Modern scanning tools may be available as:
  - Cloud-Based SaaS (Software as a Service)
  - Web Application
  - Agent (installed on the host device)
- Examples:
- Tenable Nessus
  - A proprietary vulnerability scanner developed by Tenable Network Security.
  - Host-Based
- Burp Suite
  - Web Application-Based
  - Burp Suite also has a Mobile Application
- Rapid7 Nexpose + InsightVM
  - Rapid7 maintains the Metasploit Project, which develops the bulk of the open-source penetration testing and exploitation tools used by white hat hackers today. Its vulnerability scanner offering combines a cloud-based and a host-based solution.
  - Nexpose: Host-Based
  - InsightVM: Cloud-Based
- OWASP Zed Attack Proxy (ZAP)
  - The Open Web Application Security Project (OWASP) is another security-minded group. Unlike Rapid7, however, OWASP has no profit motive. Its open-source web application security scanner, ZAP, is one of the most active OWASP projects. It is intended for both professionals and inexperienced security users, and is free to download and use.
  - When ZAP is used as a proxy server, the user may manipulate all traffic that passes through it, including HTTPS.