
How to Maximize Your Penetration Tests with Nessus

Penetration tests and vulnerability assessments make for an excellent tandem approach to cybersecurity. 

While similar — and sometimes confused for each other — penetration tests and vulnerability assessments are decidedly not the same thing. There are important, fundamental differences that actually allow these two tactics to be used in tandem.

Vulnerability assessments and penetration tests both look for weaknesses in your network. In the former, the key goal is to identify, quantify and analyze vulnerabilities within IT infrastructure, enumerating all of the hypothetical routes to a cyberattack. This applies to everything from compromised IoT devices to applications with glitches in their source code. The process is often automated, and in many organizations, can ultimately identify hundreds, if not thousands, of vulnerabilities. 

A penetration test, meanwhile, is an authorized attack on your own systems — a form of ethical hacking — that exploits vulnerabilities so that a pen tester can attempt to gain access to systems and data. The idea is to see how easy or difficult it is to overcome your defenses, testing the hypothetical risks found during a vulnerability assessment. Pen testers use a well-known arsenal of "white hat" hacking tools to complete their sanctioned attacks, including the Social Engineering Toolkit [1] and Pen Testers Framework [2]. But a pen tester's manual skill and creativity are just as important to successfully find an exploitable system, map the network, gain access to other systems and test defenses. Think of it as the infosec version of criminal profiling: Only by imagining the mindset of a malicious hacker and mimicking their activities can a well-intentioned pen tester truly understand the risk an organization faces and adequately prepare to face it.

Focus your penetration testing with active scanning

Active scanning proactively searches for signs of vulnerabilities at the time the scan is initiated. Passive scans monitor network activity and wait to see indicators of vulnerabilities. Active scanning is a core function of Nessus Professional, and for organizational users, it is the most direct method of searching for vulnerabilities and an excellent complement to any penetration test. As an example, if a pen tester is looking for an exploitable hole in a website, they could use a web application scanner to identify specific ways in which applications are vulnerable to attacks, such as cross-site scripting or SQL injection, and then explore those areas in greater detail (either with pen testing tools or manual methods).


Vulnerability scan results save time and resources by identifying the areas a pen test should focus on most closely. For example, imagine that scan results show your Apache framework is vulnerable. But if you know you can easily mitigate the vulnerability by removing the application entirely, simply go ahead and do that! That's a much more efficient approach than using pen testing resources to explore the weaknesses of a program in great detail.

The goal of active scanning should be to focus pen testing efforts, not expand them. If you’re using penetration testing to double-check everything your active scanning solution finds, you’re just adding more work.
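One way to turn scan results into a short, focused test list, as an added example that is not Tenable's code: it reads a Nessus v2 (.nessus) export, drops low-severity findings, and sets aside findings on services already slated for removal instead of queuing them for manual testing. The sample data is constructed, and the `triage` function and its `retire` parameter are hypothetical names introduced here.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 export layout; every host, plugin ID and
# plugin name below is made up for illustration.
SAMPLE = """<NessusClientData_v2><Report name="constructed-scan">
<ReportHost name="10.0.0.5">
 <ReportItem port="443" protocol="tcp" severity="4" pluginID="900001" pluginName="Constructed web server flaw">
  <cvss_base_score>10.0</cvss_base_score><exploit_available>true</exploit_available></ReportItem>
 <ReportItem port="0" protocol="tcp" severity="0" pluginID="900002" pluginName="Constructed info finding"/>
</ReportHost>
<ReportHost name="10.0.0.9">
 <ReportItem port="22" protocol="tcp" severity="3" pluginID="900004" pluginName="Constructed SSH weakness">
  <cvss_base_score>7.8</cvss_base_score><exploit_available>false</exploit_available></ReportItem>
 <ReportItem port="8080" protocol="tcp" severity="3" pluginID="900003" pluginName="Constructed outdated app server">
  <cvss_base_score>7.5</cvss_base_score><exploit_available>true</exploit_available></ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""

def triage(xml_text, min_severity=3, retire=frozenset()):
    """Return (to_test, to_remove): findings worth manual testing, and findings
    on (host, port) pairs the team has already decided to decommission."""
    to_test, to_remove = [], []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            severity = int(item.get("severity", "0"))   # 0=info ... 4=critical
            if severity < min_severity:
                continue                                # keep the test list short
            finding = {
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "severity": severity,
                "cvss": float(item.findtext("cvss_base_score", "0")),
                "exploit": item.findtext("exploit_available", "false") == "true",
            }
            bucket = to_remove if (finding["host"], finding["port"]) in retire else to_test
            bucket.append(finding)
    # Highest severity first; within a severity, known-exploitable findings lead.
    to_test.sort(key=lambda f: (-f["severity"], not f["exploit"], -f["cvss"]))
    return to_test, to_remove

if __name__ == "__main__":
    test, remove = triage(SAMPLE, retire={("10.0.0.9", 8080)})
    for f in test:
        print("TEST  ", f["host"], f["port"], f["name"])
    for f in remove:
        print("REMOVE", f["host"], f["port"], f["name"])
```

The ordering is one policy choice among several; the point is that the list handed to the pen tester is smaller than the raw scan output, not a copy of it.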

Vulnerability scanning is necessary for hardening systems to ensure information security. At Tenable, results from your Nessus scans can be integrated with popular penetration testing tools. This makes it even easier to start penetration testing from a solid foundation.

Find the unknowns with offline assessments

While active scanning can help focus your penetration testing efforts, what about identifying flaws and vulnerabilities while offline? This is especially important if you have not been running your scans on a frequent basis: Any new applications you added between scans won't have been screened for weaknesses, leaving you potentially exposed to glitches you didn't know about. Unmanaged assets with vulnerabilities — or those with settings that aren’t consistent with policy — are great targets to exploit. 

Nessus Professional's Live Results feature, once activated, performs an offline vulnerability assessment separately from your standard scan every time plugins are updated. Based on its examination of data from past scans, it searches for possible glitches and sends alerts of suspicious findings. At that point, you can run an active scan with Nessus to validate the findings. 

Preceding a penetration test and other usual scans with Live Results can make life easier for the pen tester. Live Results can help guide infosec professionals while they conduct their tests, aiding them in identifying how their examination can be redirected. From there, testers can comprehensively assess the situation and conclude which vulnerabilities must be closely tested and explored to gauge how easily they can be exploited. 

The combination of active scanning with offline vulnerability assessments using Live Results from Nessus represents a strong strategy for improving penetration testing success and protecting your network. 

Try it out for yourself with a free 7-day trial of Nessus Professional.


1. TrustedSec, "The Social-Engineer Toolkit (SET)"
2. TrustedSec, "PenTesters Framework (PTF)"
