Vulnerability scanning

Un veedu la lock weak ah iruntha, nee dhaan first ah find panni fix pannuva, illana thief find pannuvan! Same concept dhaan vulnerability scanning. 🔍

Vulnerability scanning = Un systems, networks, applications la weaknesses automatically find panradhu. Hackers find panna munna nee find pannanum — adhu dhaan goal!

Every organization ku mandatory. Un personal systems ku kooda useful. Let's learn how! 🛡️

Vulnerability = Software, hardware, or configuration la irukku oru weakness — attacker exploit panna mudiyum.

Types of vulnerabilities:

CVE (Common Vulnerabilities and Exposures) = Global vulnerability database. Every known vulnerability ku oru unique ID irukku — like CVE-2024-12345.

CVSS Score (0-10) = Vulnerability severity measure pannuradhu:

• 0.0-3.9: Low 🟢
• 4.0-6.9: Medium 🟡
• 7.0-8.9: High 🟠
• 9.0-10.0: Critical 🔴

Different scanning types — different purposes:

1. Network Scanning 🌐

• Open ports, services, OS detection
• Firewall misconfigurations find pannum
• Tools: Nmap, Masscan

2. Web Application Scanning 🕸️

• SQL injection, XSS, CSRF vulnerabilities
• OWASP Top 10 check pannum
• Tools: OWASP ZAP, Burp Suite, Nikto

3. Host-based Scanning 💻

• Individual system la installed software, patches check
• Registry, file permissions audit
• Tools: Nessus, Qualys, OpenVAS

4. Database Scanning 🗄️

• Database misconfigurations, default credentials
• Excessive privileges detect
• Tools: DbProtect, AppDetectivePro

5. Cloud Scanning ☁️

• Cloud misconfigurations (S3 buckets open, IAM issues)
• Compliance check (CIS benchmarks)
• Tools: ScoutSuite, Prowler, CloudSploit

Scanning process step by step:

Step 1: Discovery 🔎

• Network la alive hosts find pannum
• Ping sweep, ARP scan use pannum
• "Enna enna devices irukku?" — first question

Step 2: Port Scanning 🚪

• Each host la open ports identify
• Services running on those ports detect
• nmap -sV 192.168.1.0/24 — service version detection

Step 3: Vulnerability Detection 🐛

• Known CVEs against detected services match pannum
• Version numbers compare — outdated ah check
• Configuration checks run pannum

Step 4: Analysis & Reporting 📊

• Findings categorize by severity
• False positives filter pannum
• Remediation recommendations provide pannum

Two approaches:

• Credentialed scan — Login credentials use panni deep scan. More accurate, more findings. ✅
• Non-credentialed scan — Outside perspective, no login. Faster but surface-level only. ⚡

Nmap (Network Mapper) = Most popular free network scanning tool.

Essential commands:

Nmap scan types:

Pro tip: nmap -sV --script vulners target.com — vulnerability database cross-reference panni results kaatdum! 🎯

🆓 OpenVAS (Greenbone) = Enterprise-grade free vulnerability scanner!

Setup (Kali Linux la):

Features:

- 50,000+ vulnerability tests (NVTs)

- Scheduled scanning support

- Detailed reports with remediation

- Web-based dashboard (Greenbone Security Assistant)

- Credentialed and non-credentialed scans

Best practices:

- Weekly automatic scans schedule pannunga 📅

- Credentialed scan use panna — 60% more vulnerabilities find aagum

- Custom scan policies create pannunga — un environment ku specific

- Results export panni tracking spreadsheet la maintain pannunga

Commercial alternatives: Nessus ($3,990/year), Qualys (cloud-based), Rapid7 InsightVM

Web apps ku special scanning tools vennum — OWASP Top 10 vulnerabilities find panna.

OWASP ZAP (Zed Attack Proxy) — Free web app scanner:

What it finds:

• 💉 SQL Injection — Database manipulation
• 📜 XSS (Cross-Site Scripting) — Malicious script injection
• 🔓 Broken Authentication — Session/login flaws
• 📂 Directory Traversal — Unauthorized file access
• 🔑 Sensitive Data Exposure — Unencrypted data
• ⚙️ Security Misconfigurations — Headers, cookies

Scanning modes:

1. Passive Scan — Traffic observe pannum, modify pannadu. Safe! ✅
2. Active Scan — Actually attack payloads send pannum. Risky! ⚠️
3. Spider/Crawl — All pages discover pannum
4. Ajax Spider — JavaScript-heavy apps crawl pannum

Important headers to check:

Scan results la 1000+ vulnerabilities varum — ellaam fix panna mudiyaadhu. Prioritize pannanum! 🎯

Risk-based prioritization formula:

Risk = Severity × Exploitability × Asset Value

Priority matrix:

Key factors:

• EPSS (Exploit Prediction Scoring) — Probability of exploitation in next 30 days
• CISA KEV — Known Exploited Vulnerabilities catalog. Idhu la iruntha = immediate fix! 🚨
• Asset exposure — Internet-facing vs internal
• Compensating controls — Firewall/WAF already protect pannudhaa?

⚠️ False positives = Scanner says vulnerability irukku, but actually illai!

Common causes:

- Version detection inaccurate — backported patches detect aagaadhu

- Generic signature match — context illama flag pannum

- Environmental differences — scanner's assumptions wrong

How to handle:

1. Verify manually — Actually exploit try pannunga (lab la!)

2. Cross-reference — Multiple tools use panni confirm

3. Check patches — OS vendor backported fix apply panniruppanga

4. Document exceptions — False positive confirm aana, exception create with justification

False positive rate benchmarks:

- Good scanner: 5-15% false positives

- Average scanner: 15-30%

- Bad scanner: 30%+ ❌

Tip: Credentialed scans = less false positives. Scanner actual installed versions check panna mudiyadhu without credentials!

Vulnerability find aachchu — ippo fix pannanum! 🔧

Remediation options:

1. Patch 🩹 — Best solution

• Software update install pannunga
• Vendor-released security patches apply
• Test first in staging, then production

2. Mitigate 🛡️ — Can't patch? Reduce risk

• Firewall rules add to block exploit path
• WAF rules for web vulnerabilities
• Network segmentation — isolate vulnerable system
• Disable vulnerable feature if not needed

3. Accept 📝 — Risk accept with documentation

• CVSS low + no exploit available + internal only
• Business justification document pannunga
• Management sign-off vaanganum
• Re-evaluate periodically

4. Transfer 📋 — Risk transfer

• Cyber insurance
• Third-party managed service

Patch management best practices:

• Test patches in lab environment first ✅
• Schedule regular patch windows (monthly) 📅
• Emergency patches for critical CVEs — 24-48h ⚡
• Track patch compliance — 95%+ target 🎯
• Rollback plan always ready — patch breaks something? Revert! 🔄

One-time scan podhaadhu — continuous ah pannanum!

Why continuous?

• New CVEs daily publish aagum (50+ per day!)
• Systems change constantly — new software, configs
• Attackers don't wait for your monthly scan

Continuous scanning pipeline:

1. 📋 Asset Inventory — Know what you have (you can't protect what you don't know!)
2. 🔍 Automated Scanning — Daily/weekly scheduled scans
3. 🔔 Alert Integration — Critical findings → Slack/Teams/PagerDuty
4. 📊 Dashboard — Real-time vulnerability posture view
5. 🎫 Ticketing — Auto-create Jira tickets for findings
6. ✅ Verification — Re-scan after fix to confirm
7. 📈 Metrics — Track MTTD (Mean Time to Detect) and MTTR (Mean Time to Remediate)

Key metrics to track:

Vulnerability scanning essentials recap:

✅ Vulnerability = Weakness that can be exploited by attackers

✅ Scanning types — Network, Web App, Host, Database, Cloud

✅ Tools — Nmap (network), OpenVAS (free), OWASP ZAP (web), Nessus (commercial)

✅ Prioritize by CVSS + Exploitability + Asset Value

✅ Remediate — Patch > Mitigate > Accept > Transfer

✅ Continuous scanning, not one-time — new CVEs daily!

✅ Credentialed scans find 60% more than non-credentialed

✅ Track metrics — MTTD, MTTR, coverage, compliance

Remember: Vulnerability scanning is defense — nee find pannanum before hacker find pannan! 🔍🛡️

Challenge: Comprehensive Vulnerability Assessment

3-4 weeks time la vulnerability scanning end-to-end practice pannunga:

1. Nmap Port Scan — Target system (lab environment) scan pannunga: nmap -sV -A 192.168.1.100. Open ports, services, OS detection — document pannunga.

1. OpenVAS Scan — OpenVAS install pannunga (free, open-source). Vulnerable VM (Metasploitable) scan pannunga. Vulnerabilities identify, severity levels understand pannunga.

1. Web Application Scan — OWASP ZAP download pannunga. Local web app scan pannunga. SQL injection, XSS, CSRF vulnerabilities find panna practice.

1. Nuclei Templates — Nuclei tool install pannunga (modern vulnerability scanner). OWASP Top 10 templates use panni scan pannunga.

1. Vulnerability Remediation — Each vulnerability analyze pannunga. Fix priority (CVSS score), implementation difficulty assess pannunga. Patches apply pannunga, rescan pannunga.

1. Report Generation — Professional vulnerability assessment report create pannunga. Executive summary, detailed findings, remediation roadmap — include pannunga.

1. Metrics Tracking — Scan results track pannunga (Excel spreadsheet). MTTD (mean time to detect), MTTR (mean time to remediate) calculate pannunga.

Certificate: Nee vulnerability assessment expert! 🔍⚠️

Q1: Vulnerability scanning vs penetration testing — difference?

A: Scanning = automated tools, point-in-time snapshot, identify vulnerabilities. Penetration testing = manual, extensive, exploitation attempt, business impact. Scanning = baseline, pentest = deep dive. Both important.

Q2: False positives vulnerability scanning la — epdhi manage?

A: Validation important — scanner result verify pannunga manually. Custom rules create pannunga false positives reduce panni. Whitelisting deprecated/false vulnerabilities. Regular tool updates. Experienced analyst review pannunga.

Q3: CVSS score — epdhi prioritize?

A: CVSS 9+: Critical, immediate fix. CVSS 7-8: High, weeks la fix. CVSS 4-6: Medium, months la address. CVSS <4: Low, routine patching. But context matter — critical system la medium vulnerability kuda high priority.

Q4: Credentialed vs non-credentialed scanning?

A: Non-credentialed = attacker view (external). Credentialed = internal view (employees). Both needed — 60% more vulnerabilities credentialed la find aagum. Scanning frequency — monthly minimum, weekly ideal for critical systems.

Q5: Vulnerability management program — enterprise level setup?

A: Asset inventory maintain pannunga. Scanning policy establish pannunga. Prioritization framework (risk-based). Remediation process define pannunga. Metrics track pannunga. Regular reporting executive level la. Continuous improvement.