Use the vulnerability scanning device to access the network of the tested object, and ensure that the vulnerability scanning device only scans the target test device by specifying the IP address range and other configuration methods, and generates a scanning report. Scanning is based on the built-in vulnerability knowledge base of the vulnerability scanning device, and detects the security vulnerabilities of the operating system, application program, database, network equipment, and security equipment of the target server (terminal) by collecting information and executing vulnerability detection scripts. At the same time, the scanning process is analyzed in combination with the latest vulnerability threat intelligence database to obtain the comprehensive test results of vulnerability scanning.
Mainly perform the following types of scans:
(1) Operating system vulnerability scanning: scan the operating system of servers (terminals), network devices, and security devices, retrieve device vulnerabilities, system patch updates, and remote service port openings, etc., and conduct comprehensive analyze.
(2) Database vulnerability scanning: Vulnerability scanning is performed on the database in the system, including inspection items such as privilege escalation vulnerabilities, buffer overflow vulnerabilities, access control vulnerabilities, SQL injection vulnerabilities, excessive execution privilege vulnerabilities, and access privilege bypass vulnerabilities.
(3) Web scanning: Scan the web services in the system for vulnerabilities, including SQL injection, XSS cross-site scripting, information leakage, directory traversal and other inspection items.
(4) Vulnerability scanning of industrial control equipment: scan for vulnerabilities of industrial control equipment in the system, including unauthorized access, buffer overflow vulnerabilities, communication protocol vulnerabilities, etc.
(5) Weak password scanning: Through the built-in weak password dictionary, it automatically detects problems such as accounts and passwords in the system that are the same, relatively simple passwords, and default passwords.
(6) Combining tool scanning and manual spot check verification to detect whether there are potential backdoors, weak links and other system loopholes in the system, and whether there are illegal programs such as Trojan horses and viruses.