Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

How to Maximize Your Penetration Tests with Nessus

Penetration tests and vulnerability assessments make for an excellent tandem approach to cybersecurity. 

While similar — and sometimes confused for each other — penetration tests and vulnerability assessments are decidedly not the same thing. There are important, fundamental differences that actually allow these two tactics to be used in tandem.

Vulnerability assessments and penetration tests both look for weaknesses in your network. In the former, the key goal is to identify, quantify and analyze vulnerabilities within IT infrastructure, enumerating all of the hypothetical routes to a cyberattack. This applies to everything from compromised IoT devices to applications with glitches in their source code. The process is often automated, and in many organizations, can ultimately identify hundreds, if not thousands, of vulnerabilities. 

A penetration test, meanwhile, is an authorized attack on your own systems — a form of ethical hacking — that exploits vulnerabilities so that a pen tester can attempt to gain access to systems and data. The idea is to see how easy or difficult it is to overcome your defenses, testing the hypothetical risks found during a vulnerability assessment. Pen testers use a well-known arsenal of "white hat" hacking tools to complete their sanctioned attacks, including the Social Engineering Toolkit1 and Pen Testers Framework.2 But a pen tester's manual skill and creativity are just as important to successfully find an exploitable system, map the network, gain access to other systems and test defenses. Think of it as the infosec version of criminal profiling: Only by imagining the mindset of a malicious hacker and mimicking their activities can a well-intentioned pen tester truly understand the risk an organization faces and adequately prepare to face it. 

Focus your penetration testing with active scanning

Active scanning proactively searches for vulnerability signs at the time the scan is initiated. Passive scans monitor network activity and wait to see indicators of vulnerabilities. Active scanning is a core function of Nessus Professional, and for organizational users, it is the most direct method of searching for vulnerabilities and an excellent complement to any penetration test. As an example, if a pen tester is looking for an exploitable hole in a website, they could use a web application scanner to identify specific ways in which applications are vulnerable to attacks, such as cross-site scripting or SQL injections, and then explore those areas in greater detail (either with pen testing tools or manual methods).

Illustration - Maximize your penetration testing with Nessus

Vulnerability scan results save time and resources by identifying the areas a pen test should focus on most closely. For example, imagine that scan results show your Apache framework is vulnerable. But if you know you can easily mitigate the vulnerability by removing the application entirely, simply go ahead and do that! That's a much more efficient approach than using pen testing resources to explore the weaknesses of a program in great detail.

The goal of active scanning should be to focus pen testing efforts, not expand them. If you’re using penetration testing to double-check everything your active scanning solution finds, you’re just adding more work.

Vulnerability scanning is necessary for hardening systems to ensure information security. At Tenable, results from your Nessus scans can be integrated with popular penetration testing tools. This makes it even easier to start penetration testing from a solid foundation.

Find the unknowns with offline assessments

While active scanning can help focus your penetration testing efforts, what about identifying flaws and vulnerabilities while offline? This is especially important if you have not been running your scans on a frequent basis: Any new applications you added between scans won't have been screened for weaknesses, leaving you potentially exposed to glitches you didn't know about. Unmanaged assets with vulnerabilities — or those with settings that aren’t consistent with policy — are great targets to exploit. 

Nessus Professional's Live Results feature, once activated, performs an offline vulnerability assessment separately from your standard scan every time plugins are updated. Based on its examination of data from past scans, it searches for possible glitches and sends alerts of suspicious findings. At that point, you can run an active scan with Nessus to validate the findings. 

Preceding a penetration test and other usual scans with Live Results can make life easier for the pen tester. Live Results can help guide infosec professionals while they conduct their tests, aiding them in identifying how their examination can be redirected. From there, testers can comprehensively assess the situation and conclude which vulnerabilities must be closely tested and explored to gauge how easily they can be exploited. 

The combination of active scanning with offline vulnerability assessments using Live Results from Nessus represents a strong strategy for improving penetration testing success and protecting your network. 

Try it out for yourself with a free 7-day trial of Nessus Professional.

Start Your Free Nessus Trial

1. TrustedSec, "The Social-Engineer Toolkit (SET)"
2. TrustedSec, "PenTesters Framework (PTF)"

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training