See:
· Vulnerability assessment
· Vulnerability analysis
· SATAN - Security Administrator Tool for Analyzing Networks
A program that analyzes a system looking for vulnerabilities. It uses a database of known flaws and determines whether the system under examination is vulnerable or not.
Process by which vulnerabilities are sought in an entity's systems remotely through the use of manual or automated tools. Security analyses that include the exploration of internal and external systems, as well as the generation of reports on the services exposed to the network. The analyses can identify vulnerabilities in operating systems, services, and devices that could be used by malicious individuals.
http://es.pcisecuritystandards.org
Process by which an entity's systems are remotely checked for vulnerabilities through use of manual or automated tools. Security scans that include probing internal and external systems and reporting on services exposed to the network. Scans may identify vulnerabilities in operating systems, services, and devices that could be used by malicious individuals.
https://www.pcisecuritystandards.org/security_standards/glossary.php
A vulnerability scanner is a program that performs the diagnostic phase of a vulnerability analysis, also known as vulnerability assessment. Vulnerability analysis defines, identifies, and classifies the security holes (vulnerabilities) in a computer, server, network, or communications infrastructure. In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures, and evaluate how well they work after they are put into use.
A vulnerability scanner relies on a database that contains all the information required to check a system for security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. Then the scanner tries to exploit each vulnerability that is discovered. This process is sometimes called ethical hacking.
http://searchsoftwarequality.techtarget.com/glossary/
An automated security program that searches for software vulnerabilities within web applications.
http://www.webappsec.org/projects/glossary/
The practice of scanning for and identifying known vulnerabilities of computing systems on a computer network. Since vulnerability scanning is an information-gathering process, when performed by unknown individuals it is considered a prelude to attack.
D. Schweitzer, 2003, Incident Response: Computer Forensics Toolkit
Process by which an entity's systems are checked remotely to detect possible vulnerabilities using manual or automated tools. Security scans include checking internal and external systems, as well as reporting on the services exposed to the network. The scans make it possible to identify vulnerabilities in operating systems, services, and devices that could be used by malicious individuals.
http://fr.pcisecuritystandards.org/
Related topics