Learning Nessus for Penetration Testing


Learning Nessus for Penetration Testing
eBook: $20.99
Formats: PDF, PacktLib, ePub and Mobi formats
$17.84
save 15%!
Print + free eBook + free PacktLib access to the book: $55.98    Print cover: $34.99
$34.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Support
Sample Chapters
  • Understand the basics of vulnerability assessment and penetration testing as well as the different types of testing
  • Successfully install Nessus and configure scanning options
  • Learn useful tips based on real-world issues faced during scanning
  • Use Nessus for compliance checks

Book Details

Language : English
Paperback : 116 pages [ 235mm x 191mm ]
Release Date : January 2014
ISBN : 1783550996
ISBN 13 : 9781783550999
Author(s) : Himanshu Kumar
Topics and Technologies : All Books, Networking and Servers


Table of Contents

Preface
Chapter 1: Fundamentals
Chapter 2: Scanning
Chapter 3: Scan Analysis
Chapter 4: Reporting Options
Chapter 5: Compliance Checks
Index
  • Chapter 1: Fundamentals
    • Vulnerability Assessment and Penetration Testing
      • Need for Vulnerability Assessment
        • Risk prevention
        • Compliance requirements
      • The life cycles of Vulnerability Assessment and Penetration Testing
        • Stage 1 – scoping
        • Stage 2 – information gathering
        • Stage 3 – vulnerability scanning
        • Stage 4 – false positive analysis
        • Stage 5 – vulnerability exploitation (Penetration Testing)
        • Stage 6 – report generation
    • Introduction to Nessus
      • Initial Nessus setup
      • Scheduling scans
      • The Nessus plugin
      • Patch management using Nessus
      • Governance, risk, and compliance checks using Nessus
    • Installing Nessus on different platforms
      • Prerequisites
      • Installing Nessus on Windows 7
      • Installing Nessus on Linux
    • Definition update
      • Online plugin updates
      • Offline plugin updates
      • Custom plugins feed host-based updates
    • User management
      • Adding a new user
      • Deleting an existing user
      • Changing the password or role of an existing user
    • Nessus system configuration
      • General Settings
        • SMTP settings
        • Web proxy settings
      • Feed Settings
      • Mobile Settings
        • ActiveSync (Exchange)
        • Apple Profile Manager
        • Good For Enterprise
      • Result Settings
        • Advanced Settings
    • Summary
  • Chapter 2: Scanning
    • Scan prerequisites
      • Scan-based target system admin credentials
      • Direct connectivity without a firewall
      • Scanning window to be agreed upon
      • Scanning approvals and related paper work
      • Backup of all systems including data and configuration
      • Updating Nessus plugins
      • Creating a scan policy as per target system OS and information
      • Configuring a scan policy to check for an organization's security policy compliance
      • Gathering information of target systems
      • Sufficient network bandwidth to run the scan
      • Target system support staff
    • Policy configuration
      • Default policy settings
      • New policy creation
        • General Settings
        • Credentialed scan
        • Plugins
        • Preferences
    • Scan configuration
      • Configuring a new scan
        • General settings
        • E-mail settings
      • Scan execution and results
    • Summary
  • Chapter 3: Scan Analysis
    • Result analysis
      • Report interpretation
        • Hosts Summary (Executive)
        • Vulnerabilities By Host
        • Vulnerabilities By Plugin
      • False positive analysis
        • Understanding an organizations' environment
        • Target-critical vulnerabilities
        • Proof of concept
        • Port scanning tools
        • Effort estimation
      • Vulnerability analysis
        • False positives
        • Risk severity
        • Applicability analysis
        • Fix recommendations
      • Vulnerability exploiting
        • Exploit example 1
        • Exploit example 2
        • Exploit example 3
    • Summary
  • Chapter 4: Reporting Options
    • Vulnerability Assessment report
      • Nessus report generation
        • Report filtering option
      • Nessus report content
    • Report customization
    • Report automation
    • Summary
  • Chapter 5: Compliance Checks
    • Audit policies
    • Compliance reporting
    • Auditing infrastructure
      • Windows compliance check
      • Windows File Content
      • Unix compliance check
      • Cisco IOS compliance checks
      • Database compliance checks
      • PCI DSS compliance
      • VMware vCenter/vSphere Compliance Check
    • Summary

Himanshu Kumar

Himanshu Kumar is a very passionate security specialist with multiple years of experience as a security researcher. He has hands-on experience in almost all domains of Information Security specializing in Vulnerability Assessment and Penetration Testing. He enjoys writing scripts to exploit vulnerabilities.

Sorry, we don't have any reviews for this title yet.

Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Learning Nessus for Penetration Testing +    Openswan: Building and Integrating Virtual Private Networks =
50% Off
the second eBook
Price for both: $41.10

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

  • Understand the basics of vulnerability assessment and penetration testing
  • Install Nessus on Windows and Linux platforms
  • Set up a scan policy based on the type of infrastructure you are scanning
  • Configure a scan by choosing the right policy and options
  • Understand the difference between credentialed and non-credentialed scans
  • Analyze results from a severity, applicability, and false positive perspective
  • Perform penetration tests using Nessus output
  • Perform compliance checks using Nessus and understand the difference between compliance checks and vulnerability assessment

In Detail

IT security is a vast and exciting domain, with vulnerability assessment and penetration testing being the most important and commonly performed security activities across organizations today. The Nessus tool gives the end user the ability to perform these kinds of security tests quickly and effectively.

Nessus is a widely used tool for vulnerability assessment, and Learning Nessus for Penetration Testing gives you a comprehensive insight into the use of this tool. This book is a step-by-step guide that will teach you about the various options available in the Nessus vulnerability scanner tool so you can conduct a vulnerability assessment that helps to identify exposures in IT infrastructure quickly and efficiently. This book will also give you an insight into penetration testing and how to conduct compliance checks using Nessus.

This book starts off with an introduction to vulnerability assessment and penetration testing before moving on to show you the steps needed to install Nessus on Windows and Linux platforms.

Throughout the course of this book, you will learn about the various administrative options available in Nessus such as how to create a new user. You will also learn about important concepts like how to analyze results to remove false positives and criticality. At the end of this book, you will also be introduced to the compliance check feature of Nessus and given an insight into how it is different from regular vulnerability scanning.

Learning Nessus for Penetration Testing teaches you everything you need to know about how to perform VA/PT effectively using Nessus to secure your IT infrastructure and to meet compliance requirements in an effective and efficient manner.

Approach

This book is a friendly tutorial that uses several examples of real-world scanning and exploitation processes which will help get you on the road to becoming an expert penetration tester.

Who this book is for

Learning Nessus for Penetration Testing is ideal for security professionals and network administrators who wish to learn how to use Nessus to conduct vulnerability assessments to identify vulnerabilities in IT infrastructure quickly and efficiently.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software