1
00:00:00,300 --> 00:00:05,580
‫So let's have a look at Nessa's developed by tenable network security is one of the most popular and

2
00:00:05,580 --> 00:00:07,530
‫capable vulnerability scanners.

3
00:00:08,340 --> 00:00:11,100
‫NASA's professional is a commercial product.

4
00:00:11,520 --> 00:00:17,610
‫In addition, a free Nessa's home version is also available, although it's limited and only licensed

5
00:00:17,610 --> 00:00:18,870
‫for home network use.

6
00:00:19,790 --> 00:00:22,760
‫Nessus allow scans for the following types of vulnerabilities.

7
00:00:23,770 --> 00:00:29,200
‫Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.

8
00:00:30,360 --> 00:00:39,240
‫Misconfiguration, for example, open mail relais, missing patches, etc., default passwords, a few

9
00:00:39,240 --> 00:00:46,920
‫common passwords and blank or absent passwords on some system account, Nessa's can also call Hydra

10
00:00:46,920 --> 00:00:50,190
‫an external tool to launch a dictionary attack.

11
00:00:51,610 --> 00:01:01,360
‫Denial of service against the TCP IP stack by using malformed packets in preparation for PCI DNS audits.

12
00:01:02,480 --> 00:01:07,810
‫In a typical operation, Nessa's begins by doing a port scan to determine which ports are open on the

13
00:01:07,810 --> 00:01:11,710
‫target and then tries various exploits on the open ports.

14
00:01:12,430 --> 00:01:19,450
‫The vulnerability tests available as subscriptions are written in NASL, Nessus Attack Scripting Language,

15
00:01:19,800 --> 00:01:23,740
‫a scripting language optimized for custom network interaction.

16
00:01:25,350 --> 00:01:30,060
‫Nessa's is constantly updated with more than 70000 plug ins.

17
00:01:31,340 --> 00:01:38,090
‫Key features include remote and local authenticated security checks, a client server architecture with

18
00:01:38,090 --> 00:01:45,200
‫a Web based interface, and an embedded scripting language for writing your own plug ins or understanding

19
00:01:45,200 --> 00:01:45,950
‫the existing one.

20
00:01:47,080 --> 00:01:53,710
‫Obviously, the results of the scan can be reported in various formats, such as plain text, XML,

21
00:01:53,710 --> 00:01:56,380
‫HTML and latex.