See:
· Vulnerability assessment
· Vulnerability analysis
· SATAN - Security Administrator Tool for Analyzing Networks
Program that analyzes a system looking for
vulnerabilities. It uses a database of known flaws and determines
whether the system under examination is vulnerable or not.
Process by which vulnerabilities are sought
in an entity's systems remotely through the use of
manual or automated tools. Security analyses that include the
exploration of internal and external systems, as well as the generation of reports
on the services exposed to the network. The analyses can identify
vulnerabilities in operating systems, services and devices that
malicious individuals could use.
http://es.pcisecuritystandards.org
Process by which an entity’s
systems are remotely checked for vulnerabilities through use of manual or
automated tools. Security scans that include probing internal and external
systems and reporting on services exposed to the network. Scans may identify
vulnerabilities in operating systems, services, and devices that could be used
by malicious individuals.
https://www.pcisecuritystandards.org/security_standards/glossary.php
A vulnerability scanner is a
program that performs the diagnostic phase of a vulnerability analysis, also known
as vulnerability assessment. Vulnerability analysis defines, identifies, and
classifies the security holes (vulnerabilities) in a computer, server, network,
or communications infrastructure. In addition, vulnerability analysis can
forecast the effectiveness of proposed countermeasures, and evaluate how well
they work after they are put into use.
A vulnerability scanner
relies on a database that contains all the information required to check a
system for security holes in services and ports, anomalies in packet
construction, and potential paths to exploitable programs or scripts. Then the
scanner tries to exploit each vulnerability that is discovered. This process is
sometimes called ethical hacking.
http://searchsoftwarequality.techtarget.com/glossary/
An automated security
program that searches for software vulnerabilities within web applications.
http://www.webappsec.org/projects/glossary/
The practice of scanning for
and identifying known vulnerabilities of computing systems on a computer
network. Since vulnerability scanning is an information-gathering process, when
performed by unknown individuals it is considered a prelude to attack.
D. Schweitzer, 2003,
Incident Response: Computer Forensics Toolkit
Process by which
an entity's systems are checked remotely to detect possible
vulnerabilities using manual or automated tools. Security
scans include the checking of internal and external systems, as well as
reporting on the services exposed to the network. Scans make it possible
to identify vulnerabilities in operating systems, services and
devices that could be used by malicious individuals.
http://fr.pcisecuritystandards.org/