What is OpenVAS?
OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high-level and low-level Internet and industrial protocols, performance tuning for large-scale scans, and a powerful internal programming language to implement any type of vulnerability test.
The scanner is accompanied by a vulnerability tests feed with a long history and daily updates. This Greenbone Community Feed includes more than 80,000 vulnerability tests.
OpenVAS released with GVM-10 receives numerous performance optimization to address the challenge of a growing number of vulnerability tests, scanning target networks of increasing size and heterogeneity.
OpenVAS released with GVM-11 introduces substantial architectural changes: The former service “openvassd” is turned into a command-line tool “openvas”. It is controlled by the service layer ospd-openvas. This concept essentially replaces the old stateful, permanent and proprietary OTP (OpenVAS Transfer Protocol) with the new state-less, request-response XML-based, and generic OSP (Open Scanner Protocol).
We use OpenVAS Network Vulnerability Assessment
The Network Vulnerability Assessment uses OpenVAS as our solution for assessing the network perimeter and for evaluating the external security posture of a company.
We perform an in-depth network vulnerability scan by using more than 57,000 plugins. We start by detecting the open ports and services and then continue by querying a database for known vulnerabilities which may affect the specific software versions.
The network perimeter of a company is the ‘wall’ which isolates the internal network from the outside world. However, because the outside world needs to access various resources of the company (ex. the website), the network perimeter exposes some network services (ex. FTP, VPN, DNS, HTTP, and others).
Web Penetration Testing
Our flagship cybersecurity service, we fully analyze and determine the extent to which your assets can defend against threats by testing your exposure to exploits and vulnerabilities on your infrastructure.
We discover and safely exploit vulnerabilities before hackers do
The primary goal of a pen test is to identify weak spots in an organization’s security posture, as well as measure the compliance of its security policy, test the staff’s awareness of security issues and determine whether — and how — the organization would be subject to security disasters.
A penetration test can also highlight weaknesses in a company’s security policies. For instance, although a security policy focuses on preventing and detecting an attack on an enterprise’s systems, that policy may not include a process to expel a hacker.