Vulnerability Scanning

So far we have covered a lot about information gathering. Once we have gathered information,
we move to the next step: vulnerability scanning. This article covers what a vulnerability is, what a basic vulnerability scan does, and the most common types of vulnerability.

What is vulnerability?

A vulnerability is a loophole in a system, configuration, or code that an attacker can attack.
Vulnerability scanning can be done by programs or manually.

The Basic Vulnerability Scan

A vulnerability scanner is an automated program designed to look for weaknesses in computers, computer systems, networks, and applications. The program probes a system by sending data to it over a network and analyzing the responses received, in an
effort to enumerate any vulnerabilities present on the target by using its vulnerability database as reference.
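
The database-lookup step described above, as an added example that is not part of the original article: it parses recorded service banners and compares each version against a vulnerability database. The product names, EXAMPLE-* advisory ids, addresses, and banners are all constructed placeholders.

```python
import re

# Constructed vulnerability database: product -> [(advisory id, first fixed version)].
# Product names and EXAMPLE-* ids are placeholders, not real advisories.
VULN_DB = {
    "exampleftpd": [("EXAMPLE-0001", (2, 3, 5)), ("EXAMPLE-0002", (3, 0, 0))],
    "examplehttpd": [("EXAMPLE-0003", (1, 18, 2))],
}

# Constructed responses, as a scanner would record them from hosts in its own inventory.
RESPONSES = {
    ("10.0.0.5", 21): "220 ExampleFTPd 2.3.4 ready",
    ("10.0.0.5", 80): "Server: ExampleHTTPd/1.18.2",
    ("10.0.0.9", 21): "220 ExampleFTPd 3.0.1 ready",
    ("10.0.0.9", 22): "SSH-2.0-UnknownSSH_9.9",
}

BANNER_RE = re.compile(r"([A-Za-z]+)[ /_]v?(\d+(?:\.\d+)*)")

def parse_banner(banner):
    """Return (product, version tuple), or None when no product/version is found."""
    m = BANNER_RE.search(banner)
    return (m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))) if m else None

def is_older(version, fixed):
    """Compare dotted versions numerically, padding so that 2.3 equals 2.3.0."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)

def scan(responses, db):
    """Return sorted (host, port, advisory) findings for versions below the fixed one."""
    findings = []
    for (host, port), banner in responses.items():
        parsed = parse_banner(banner)
        if parsed is None:
            continue  # nothing recognisable in the response
        product, version = parsed
        for advisory, fixed in db.get(product, []):
            if is_older(version, fixed):
                findings.append((host, port, advisory))
    return sorted(findings)

if __name__ == "__main__":
    for host, port, advisory in scan(RESPONSES, VULN_DB):
        print(f"{host}:{port} matches {advisory}")
```

A banner match only says the reported version is in a vulnerable range; the service on 10.0.0.9 port 22 produces no finding because its product is not in the database, not because it is known to be safe.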

Types of vulnerability

There are 10 types of vulnerability (the most common and dangerous):

  • SQL injection attack
  • Broken authentication/session management
  • XSS (cross-site scripting)
  • Insecure direct object reference
  • Security misconfiguration
  • Sensitive data exposure
  • Missing function level access control
  • CSRF (cross-site request forgery)
  • Using components with known vulnerabilities
  • Unvalidated redirects and forwards

These are the top 10 vulnerabilities.

Vulnerability Scanning

There are several ways of doing it, which we will explore in our next article. In the upcoming article we will cover how to scan for vulnerabilities with tools and manually.

Use Google for more details.