Vulnerability Scanning

This paper was downloaded from TechRxiv (https://www.techrxiv.org).

LICENSE

CC BY 4.0

SUBMISSION DATE / POSTED DATE

15-07-2022 / 20-07-2022

CITATION

Pandey, Subhangani; Chaudhary, Anita (2022): Vulnerability Scanning. TechRxiv. Preprint.

https://doi.org/10.36227/techrxiv.20317194.v1

DOI

10.36227/techrxiv.20317194.v1
 Vulnerability Scanning
First A. Subhangani, Second B. Anita Chaudhary

 are widely used today to find flaws. They are very important in
Abstract—The commercial value of web applications has the construction of attack graphs.
significantly increased in recent years. They progressed from simple
information-sharing platforms to more sophisticated business II. VULNERABILITY SCANNER
applications. Web-based apps, unlike most other technologies, are
always accessible from anywhere in the world. This makes them ideal
targets for malevolent cyberattacks. Scanners can identify and mitigate A vulnerability scanner is a computer program that scans
an organization's vulnerabilities. However, without a thorough computers, networks, and applications for known
awareness of a system's weaknesses, it would be difficult to undertake vulnerabilities. To put it another way, these scanners are
effective network defense in order to keep intruders out in the real utilized to find the flaws in a system. They are used to identify
world. As a result, vulnerability scanning is an important part of a
cybersecurity curriculum's success. In this paper, we'll look at the and discover vulnerabilities in network-based assets such as
present state of open-source vulnerability scanning technologies. A firewalls, routers, web servers, application servers, and so on
literature review of vulnerability assessment and reporting, that arise from misconfigurations or defective programming.
vulnerability scanning, vulnerability scanning technologies, security They're usually available as SaaS (Software as a Service),
vulnerabilities, system and application security, and malicious cyber- which means they're supplied as a web application via the
attacks reveals that a lot of work is being done in this area. This
internet. In order to generate a more thorough image of the
research provides an in-depth examination of vulnerability scanning
technologies. In this paper, we covered two important topics: system, most vulnerability scanners will attempt to log in to
vulnerability scanning and reporting. Then, after identifying gaps in computers using default or other credentials. Following the
relevant practices and presenting chosen findings, we emphasize future creation of an inventory, the vulnerability scanner compares
directions and bring this study to a conclusion. The top open-source each item in the inventory to one or more databases of known
network vulnerability scanning tools are described in detail. vulnerabilities to see if any of the objects are vulnerable. A
Keywords—Vulnerability assessment, Vulnerability, Security, systems vulnerability analysis is produced as a result of such a
Threat.
scan, revealing any known vulnerabilities that may require
threat and vulnerability management.
I. INTRODUCTION

T HE advent of information technology, user security has

become a more important consideration. Because most
software developers are unaware of the various security
Vulnerability Assessment, also known as Vulnerability
Testing, is a vulnerability scanning software used to assess
security risks in software systems in order to lessen the
measures that should be implemented because their primary likelihood of a security breach. It is the process of defining,
goal is to make the software application run in the desired state identifying, classifying, and prioritizing vulnerabilities in
without considering the flaws that the programming language computer systems, applications, and network infrastructures.
may have introduced into the system, it becomes increasingly Vulnerability assessments also provide organizations with the
important to devise new strategies and methodologies that will information, awareness, and risk backgrounds they need to
protect users from being attacked by any unauthorized access. recognize and respond to threats to their environment.
Not only does software with defects leave the user exposed to
attacks, but the network is frequently a crucial role in The goal of a vulnerability assessment is to identify threats
jeopardizing the users' security. and the risks they entail. They usually entail the use of
Assessing and removing vulnerabilities necessitates a automated testing tools like network security scanners, the
thorough knowledge and comprehension of these flaws. It results of which are documented in a vulnerability assessment
becomes necessary to understand the basic concept behind report. Vulnerability assessments can assist organizations of
these vulnerabilities, such as what causes them to appear in the any size, as well as people who are in danger of cyber assaults,
system, what flaws need to be fixed to make the system free of but vulnerability analysis will benefit major enterprises and
these vulnerabilities, and what alternatives can be devised for other types of organizations that are vulnerable to continual
these vulnerabilities in the future to reduce their risk, and so on. attacks the most.
Various methods have been used to identify these flaws, and
necessary measures have been adopted. Static analysis, attack
graph generation and analysis, and vulnerability scanner use are
only a few of them. Vulnerability scanners, on the other hand,

F. A. Subhangani is with the Dronacharya College of Engineering S. B. Anita Chaudhary, was with Dronacharya College of Engineering
Gurgaon, Haryana,122001, (corresponding author, phone: 91-9891729455; e- Gurgaon, Haryana,122001, (e-mail: dceanita@ gmail.com)
mail: subhangani726@ gmail.com). .
 classification system known as the Common Vulnerability
Scoring System (CVSS). The National Vulnerability Database's
CVSS scores include factors such as attack vector, complexity,
required privileges, user involvement, and the impact of
confidentiality, integrity, and availability.

TABLE 1
RISK LEVEL AND THEIR CVSS RANGE
RISK CVSS
LEVEL RANGE EXAMPLES
Fig.1 Vulnerability Scanning System Diagram
SQL Injection, Remote Code
Execution, and Command
Because security flaws can allow hackers to get access to IT Critical 10 Injections
systems and apps, it's critical for businesses to identify and fix
flaws before they're exploited. Companies can improve the Memory Corruption,
security of their systems by conducting a full vulnerability Distributed/Denial of Service,
High 7-9 Directory Traversal
assessment and implementing a management program.
Vulnerability Assessment and Penetration Testing are two Cryptographic Protocol,
approaches that are used in vulnerability analysis (VAPT). Medium 4-6 Command Injection
Vulnerability evaluations are crucial. Internal Information Disclosure,
A vulnerability assessment gives information on any security Low 1-3 Browsable Web Directory
flaws in an organization's environment. It also instructs on how
Informational 0 Software Version Disclosure
to evaluate the hazards connected with certain flaws. This
method gives the company a greater awareness of its assets,
security issues, and overall risk, lowering the chances of a B. How do vulnerability scanners work?
cybercriminal breaking into its systems and catching the
company off guard. Vulnerability scanning is an examination of a computer's or
network's potential points of exploit in order to find security
A. Types of a vulnerability scanner: weaknesses.
A security scan identifies and analyses system flaws in
Host-Based: Identifies problems with the host or system. The computers, networks, and communications equipment, as well
process is completed by using host-based scanners to identify as predicts how successful countermeasures will be. An
and diagnose vulnerabilities. The host-based tools will install a organization's IT department or a security service provider may
mediator program on the target machine, which will track the conduct a scan, maybe as a condition imposed by some
occurrence and alert the security analyst. authority. Attackers who are looking for points of entry also
Network-Based: It will discover open ports and identify any utilize vulnerability scanning.
unfamiliar services that are using them. It will then reveal any A vulnerability scanner runs from the person assessing the
potential vulnerabilities linked with these services. Network- attack surface in question to the end point of the scanner. Details
based Scanners are used in this process. about the targeted attack surface are compared to a database of
Database-Based: It will use tools and techniques to uncover known security weaknesses in services and ports, packet
security vulnerabilities in database systems and prevent SQL building irregularities, and potential paths to exploitable
Injections. (SQL Injections: - Malicious users inject SQL programs or scripts. Each found vulnerability is attempted to be
statements into a database, allowing them to read sensitive data exploited by the scanner program.
from the database and edit the data in the database.) Running a vulnerability scan has its own set of hazards
Wireless network scans of an organization's Wi-Fi networks because it is inherently intrusive to the running code on the
frequently concentrate on potential sites of attack in the target system. As a result, the scan may result in errors and
infrastructure. A wireless network scan can confirm that a reboots, lowering productivity.
company's network is safely configured in addition to
discovering rogue access points. C. What factors should consider while selecting a
Application scans examine websites for known software vulnerability scanning tool?
flaws and inappropriate network or web application setups.
Vulnerability scanners are software that scans a network's When looking into vulnerability scanners, find out how they
design, reports flaws, and gives recommendations on how to fix rank in terms of accuracy, as well as dependability, scalability,
them. Vulnerability scanners provide information on Common and reporting. If the scanner's accuracy isn't up to par, then have
Vulnerabilities and Exposures (CVE), which is a set of to run two separate scans in the hopes of finding vulnerabilities
standardized names for known vulnerabilities with a risk that the other overlooks. Scanning becomes more expensive and
time-consuming as a result of this. 4) OpenVAS: Greenbone Networks maintains OpenVAS, an
open-source vulnerability scanner. The scanner also features a
Vulnerability Scanners that are based on software include community feed with over 50,000 vulnerability testing that is
configuration auditing, target profiling, penetration testing, and updated on a regular basis. OpenVAS isn't the most user-
extensive vulnerability analysis are common features of these friendly scanner, but it's one of the most capable security
scanning programs. They operate with Microsoft System scanners available for free. It can scan tens of thousands of
Center and other Windows products to enable intelligent patch vulnerabilities and manages false-positive findings.
management, and some even work with mobile device Stages of Vulnerability Assessment
managers. They can scan virtual machines, BYOD mobile 1. Identify the scope of the project
devices, and databases in addition to traditional network - Servers, network devices, printers, IoT, workstations,
devices, servers, and workstations. databases, applications
Continuous, On-Demand Monitoring using Cloud-Based - Get approval, plan for the assessment
Vulnerability Scanners Software as a Service (SaaS) is a newer 2. Information gathering ( ServiceNow, Subnets, etc )
sort of vulnerability scanner that is given on-demand (SaaS). 3. Vulnerability Scanning- Nessus, Nexpose, Qualys, etc
On-demand scanners, like software-based scanners, include 4. Data analysis/ False positive/ Exceptions review
links for downloading vendor fixes and updates for discovered 5. Report Generation
vulnerabilities, which cuts down on remediation time. Scanning
thresholds are also included in these services to prevent devices
from becoming overloaded during the scanning process, which IV. EXPERIMENT WITH NESSUS AND NEXPOSE TOOLS
might cause them to crash.
For this research, I chose Nessus and Nexpose as my tools. I
looked at Nessus and Nexpose because they are both excellent
III. TOP VULNERABILITY SCANNING TOOLS tools for scanning IT infrastructure.

Vulnerability scanners employ a continually updated list of Nessus: Nessus is a remote security scanning application that
databases to find and classify flaws so that their solutions can examines a computer and alerts you if it finds any
be prioritized. Some vulnerability scanners even go so far as to vulnerabilities that malevolent hackers could exploit to obtain
automatically patch the flaw, relieving security professionals access to any computer on your network. It accomplishes this
and developers of the task. by doing over 1200 checks on a specific machine, determining
whether any of these assaults could be used to break into or
1) Nessus: Tenable Nessus runs lightning-fast, in-depth scans harm the computer.
to find vulnerabilities before they are discovered by an attacker. Nessus by Tenable Network Security. It is more than a
The solution takes a risk-based approach to identify and assess scanner; it is an integrated platform that delivers the most
vulnerabilities. As a result, it gives threat levels to each found comprehensive coverage for Vulnerability Management and
vulnerability based on how serious or minor the threat is to the configuration verification, CVE plugins and updates, SCADA
security of your system. With over two million downloads checks with a range of UNIX and Linux, and Regulations
worldwide, Nessus is one of the most popular vulnerability compliance all under the same license.
scanners. Nessus also offers thorough coverage, with over
59,000 CVEs scanned.
A. Who would utilize such a device?
2) Nexpose: Nexpose by Rapid7 captures data in real-time to
provide a continuous view of an organization's changing
network. Because the CVSS risk score scale is 1-10, this If you're the authority of a computer (or a collection of
vulnerability scanner created its own 1-1000 risk score scale to computers) that's linked to the internet, Nessus is an excellent
add more detail. It also determines vulnerability age, tool to use to keep your domains safe from the common
vulnerability proof, vulnerability solution, and public vulnerabilities that hackers and viruses seek.
exploits/malware kits.
3) Nmap: Nmap is a free, open-source security scanner that B. Exactly what Nessus isn't:
is also used by businesses for network discovery, inventory,
service upgrade schedule management, and host or service Nessus isn't a full-fledged security solution; rather, it's an
uptime monitoring. Nmap is popular because of its versatility, important component of a well-rounded security approach.
capacity, portability, and ease of use. Nmap is a versatile tool Nessus is a tool that scans your systems for weaknesses that
since it can map a network with packet filters, firewalls, routers, hackers could use. It does not actively prevent attacks. The
and other barriers. Nmap can be used to scan a network as large system administrator is responsible for patching these
as thousands of computer hosts or as tiny as a single host. Nmap vulnerabilities and creating remediation.
is portable since it runs on Linux, Microsoft Windows, and so
on. Nmap is included in several operating systems, including
BT5 and Kali Linux. C. Factors at work:
 - Nessus does not make assumptions about your server setup
which can lead to serious vulnerabilities being missed.
- Nessus is incredibly expandable, with a scripting language
that allows you to develop tests that are specific to your system
once you've gotten to know the tool. It also has a plug-in
interface, and the Nessus plug-in site has a large number of free
plug-ins. These plugs are frequently designed to identify a
specific infection or vulnerability.
- New vulnerabilities and exploits are constantly being
discovered. The Nessus team updates the list of vulnerabilities Fig. 3 Basic Network Scan Page
to look for on a regular basis in order to reduce the time between
when an exploit is discovered in the wild and when you may - Credentials can be configured for a scan as an option. This
detect it with Nessus. permits certified scans to run, which can provide far more
- It's free and open-source. Nessus is free and open-source, detailed information and a more thorough assessment of your
which means you can look at and edit the code as you see fit. environment's vulnerabilities. Alternatively, you can save the
- When Nessus identifies a vulnerability, it will almost scan and run it later, or you can run it now.
always be able to propose the best method to mitigate it.

D. How does it work?

1. Installation: Visit get the latest recent release of Nessus

and go to www.nessus.org. On the Unix-based PC, this will
install the Nessus server software as well as a client.

Fig. 4 Scanning Targeted Website

- Viewing scan findings might assist you in gaining a better
understanding of your company's security posture and
weaknesses. You may customize how you view your scan's
results using color-coded indicators and customized viewing
choices.

Nexpose: Nexpose security control provides access to

Fig. 2 Nessus Professional: Vulnerability Assessment Solution manage hosts, scan profiles, reports, licenses, and dashboards
implemented in sites. It includes a built-in Postgres SQL
2. Running a Scan: To execute a scan, first, start up a Nessus database that stores scan templates, policies, and scan results,
server on some machine, then start up a Nessus client. After among other things. The web browser can be used to interface
you've installed and run Nessus, may begin scanning. To begin, with nexpose. Except for the free nexpose community version,
go to the top navigation bar and select scan. Then on the My all of the nexpose editions are purchased. Nexpose detects
Scans page, click the New Scan button. active services on the machine, such as open ports, services, and
- After that, select the scan template. Scan templates make running applications. Nexpose prioritizes the most serious
the process easier by deciding which settings can be changed threats based on threat intelligence that is matched with the
and how they can be changed. company’s priorities. Focusing remediation efforts on the most
- Configure the settings in the Basic Settings section: The effective activities can help decrease risk with the least amount
name of the scan or policy is specified here. On the Nessus of effort and keep the IT team on track.
interface, this value is displayed. One or more targets to be Rapid7's NeXpose is available in four different versions,
scanned are specified. You are not required to provide extra each with its own set of features and benefits that expand as we
targets if you choose a target group or upload a target file. obtain more licenses. First, it has the "Community Edition" free
edition, which can be used for seven days for free to scan up to
a predetermined number of IPs. The "Express" edition is next,
followed by the "Express Pro" edition, and lastly the
"Enterprise4" edition. All of them propose their proposals at
annual fees ranging from USD $ 2,000 to USD $ 25,000.
 A. Factors at work:

- Nexpose finds assets and scans for vulnerabilities within

an organization's mobile, virtual, physical, and cloud contexts
then prioritizes risk based on the exploitability of those
vulnerabilities. It also prioritizes vulnerability patching and
scanning on a regular basis by allowing administrators to set
security alarms.
- Nexpose includes a unique feature of Live Monitoring that
gathers all accessible data and translates it into action plans. The
sophisticated exposure analytics function of nexpose finds and
prioritizes vulnerabilities that are exploited first. As a result,
security managers are spared from being overburdened by
security notifications. The Liveaboards feature is used to
replace the results of a static dashboard with dynamic visual
reporting. Rapid 7 has released a new tool for nexpose called Fig. 6 Scanning Targeted Website
remediation workflow, which is used to track and manage an
organization's security employees as well as analyze the - As shown in the below image, give a name to the site and
progress of fixing vulnerabilities. a description in the General tab. Its importance can be set
anywhere between Very Low and Very High.

B. How does it work?

1. Downloading and Installing Nexpose: Nexpose

Community Edition can be downloaded from the Rapid7
website. The Nexpose Security Web Console page will activate
once logged in and accomplished all of the required activations,
and able to run refer scan:

Fig. 7 Scanning site configuration

- Include and exclude are the two sections of the Assets

configuration page.
- Provide the target IP address in the Include section, but if
want to scan the entire network, provide the entire IP range.
- The IP address is excluded from scanning using the
Fig. 5 Nexpose Console Exclude section. If scanning an entire IP range and want to
exclude some IPs from the scan, it can be done by adding them
2. Running a Scan: To begin a new scan, go to the home to the exclude assets section.
page, and select Site from the Create dropdown menu. The "Site - If need to add any credentials, it can be done in the
Configuration" screen will appear in the Security Console. Authentication section.
- Set up a specific Scan Template. The default Scan
Template, which is a full Audit sans Web Spider.
- Now choose an engine for the scan i.e. Local Scan Engine.
- As gathered all of the necessary information to prepare the
site for a scan. Click the Save and Scan button in the upper right
corner of the Nexpose console panel to begin scanning.
- When the scan is finished, the result clearly shows the
number of vulnerabilities found, the risk score, and the scan
duration.
- Over the Vulnerabilities page, it can refer to the
vulnerabilities stated, as well as their Common Vulnerability
Scoring System (CVSS) score, which ranges from highest to
lowest. The intriguing thing is that at least one of these exploits
has been published in the Exploit database and is vulnerable to CentOS 7, Oracle
numerous Metasploit modules. Linux 7, SUSE
- When clicking on a specific vulnerability that is a critical Linux Enterprise
threat, it displays information about the vulnerability, such as Server 12
its severity, whether it is password protected or not, version, and Support SOC 2 Type
so on. II, AWS Security
Competency, Best practice
V. COMPARISON OF NESSUS AND NEXPOSE Sarbanes-Oxley Act guidance and
Please find below the comparison of Nessus and Nexpose (SOX), EU General security policies,
Features. Data Protection such as CIS
TABLE 2 Regulation (GDPR), benchmarks,
COMPARISON BETWEEN NEXPOSE AND NESSUS FEATURES Compliance and other SOX, FISMA,
Checks regulations. HIPAA, etc.
Nessus There is a remote
Parameter Nexpose Professional scan option
Offsite scan Available available.
SSH public key
authentication, support IPv6 support IPv6
password-based IPv6 scanning scanning
authentication, Hardware
Kerberos SSH public key Solution Available Not Available
authenticated scan, authentication, Vectors of Attack on
LDAP password-based the Desktop (Adobe
authentication, and authentication, Reader, Acrobat,
Authenticated other options are and more options Quicktime,
Scan available. are available. Browsers, Flash,
It's possible to install Java), Identify
it on Ubuntu Linux vendor
20.04 LTS. vulnerabilities
Ubuntu Linux 18.04 (Adobe, Apple,
LTS, Ubuntu Linux Microsoft), web
16.04 LTS, Ubuntu vulnerabilities
Linux 15.04 LTS, (Apache, IIS,
Ubuntu Linux 15.04 OWASP Top 10,
LTS, Ubuntu Linux PHP, XSS, SQL
15.04 LTS, Red Hat Injection, Browsers),
Enterprise Linux operating systems
Server 8, Red Hat (Microsoft
Enterprise Linux Windows, Linux,
Server 7, Red Hat Mac OS X), and
Enterprise Linux database
Server 6, CentOS 7, vulnerabilities
Oracle Linux 7, (Apache, IIS,
SUSE Linux OWASP Top 10,
Enterprise Server Vulnerabilities PHP, XSS, SQL
12, Microsoft in Web Injection, Browsers) Determine the
Windows Server Applications (Oracle, Microsoft existence of
2019, Microsoft Debian / Kali that have been SQL Server, known web
Windows Server Linux, Red Hat / found MySQL), application flaws.
2016, Microsoft CentOS / Oracle In Nessus, there
Windows Server Linux, Fedora, are three levels of
2012 R2, Microsoft FreeBSD, A report on priority compliance: Pass,
Windows 8.1, Red Ubuntu, Mac OS concerns is Fail, and
Hat Enterprise X, Windows Audit Report available. Warning.
Linux Server 8, Red Server 2008 and
Hat Enterprise 2012, SUSE Support Available Available
Supported Linux Server 7, Red Linux, Windows
Operating Hat Enterprise 7, 8, and 10 are Please find below the comparison of Nessus and Nexpose
System Linux Server 6, all supported.
Pricing. TABLE 5
OWASP TOP 5 VULNERABILITIES AND PREVENTIONS
TABLE 3
COMPARISON BETWEEN NEXPOSE AND NESSUS PRICING Vulnerabilities Preventive
Vulnerabilities Description Measures
InsightVM Nessus Injection issues
When an attacker are easily
1 Year- $3,390.001 License with One-Time
submits untrusted detected via
$22/Asset Purchase
data to an interpreter, application
- $3790 1 Year + Advanced Support injection problems security testing.
such as SQL When coding,
- 2 Years- $6,610.501 License injection, CRLF developers should
injection, and LDAP use parameterized
- $7,030 2 Years + Advanced Support
Injection injection occur. queries.
- 3 Years- $9,661.501 License Attackers could
compromise
Free Trial Free Trial
passwords, keys, or
session tokens, or
People have given Nexpose and Nessus vulnerability tools take control of users'
positive feedback. Check out this side-by-side comparison of accounts to assume
InsightVM (Nexpose) vs Nessus based on user preference data. their identities if user
With 62 reviews, InsightVM (Nexpose) has a rating of 4.4/5 and session
stars. Nessus, on the other hand, has 231 reviews and a rating authentication is
of 4.4/5 stars. The score for each product is computed using Broken implemented Multi-factor
real-time data from verified user reviews. Here's a quick Authentication incorrectly. authentication
rundown of what they said in their reviews. Because applications
fail to safeguard
TABLE 4 sensitive data such as
REVIEW T ABLE financial
information,
usernames, and Data encryption
Features InsightVM Nessus passwords, attackers in transit and at
Meet Requirements √ √ may be able to gain rest can assist you
access to such in complying with
Ease of Use √ √ Sensitive Data information and data protection
√ √ Exposure perpetrate fraud. rules.
Ease of Setup
External entity By evaluating
Quality of Support √ √ references in XML dependencies and
documents are configuration,
Detection Rate √ √
evaluated by poorly static application
False Positive √ configured XML security testing
processors. External (SAST) can
Small Business √ XML External entities can be used detect this
Entities (XXE) by attackers. problem.
Mid Business √ √
Authenticated users Other testing
Enterprise √ √ with improperly methods only
configured or absent detect when
restrictions can access controls
VI. OWASP TOP 5 VULNERABILITIES AND PREVENTIONS access unauthorized are lacking;
functionality or data, penetration
such as accessing testing is required
The Open Web Application Security Project (OWASP) is a other users' accounts to detect non-
non-profit global online community that creates articles, Broken Access or seeing sensitive functional access
documentation, tools, and technology on the subject of web control documents. restrictions.
application security. It has tens of thousands of members and
hundreds of chapters.
 VII. CONCLUSION [9] Im, Sun-young, et al. "Performance evaluation of network
scanning tools with operation of firewall." 2016 Eighth
Attackers have become bolder in their attempts to enter International Conference on Ubiquitous and Future Networks
secure networks, and cyber-attacks are at an all-time high. They (ICUFN). IEEE, 2016.
will be successful if their scans uncover weaknesses that can be [10] Stephenson, P. "Tenable Network Security Nessus."
exploited to their benefit. This is why all firms, regardless of (2015).
size, need vulnerability scanners, preferably ones that run
continuously and automatically.
Both Nexpose and Nessus Professional are excellent tools for
scanning IT infrastructure. The results reveal that the number
of security vulnerabilities detected by different technologies
varies significantly. Comparing vulnerability scanners to anti-
virus programs may be beneficial. Both are critical to security
control and will improve a company's security posture. A
vulnerability scanner, like anti-virus software, will not find all
of the harmful stuff. Security experts prefer to utilize Nessus to
audit IT systems. Nessus is the natural pick of the two for most
organizations with the funding for an optimal vulnerability
scanning experience. We hope to detail preventive maintenance
schedules and well-known approaches to secure website owners
in the future study. Each option has the potential to improve an
organization's ability to fix discovered vulnerabilities and, as a
result, contribute to a safer, more secure society.

VIII. REFERENCES

[1] Harrell, Christopher R., et al. "Vulnerability Assessment,

Remediation, and Automated Reporting: Case Studies of
Higher Education Institutions." 2018 IEEE International
Conference on Intelligence and Security Informatics (ISI).
IEEE, 2018.
[2] Wang, Yien, and Jianhua Yang. "Ethical hacking and
network defense: Choose your best network vulnerability
scanning tool." 2017 31st International Conference on
Advanced Information Networking and Applications
Workshops (WAINA). IEEE, 2017.
[3] Holm, Hannes, and Teodor Sommestad. "Sved: Scanning,
vulnerabilities, exploits and detection." MILCOM 2016-2016
IEEE Military Communications Conference. IEEE, 2016.
[4] Appiah, Vincent, et al. "Survey of Websites and Web
Application Security Threats Using Vulnerability Assessment."
(2018).
[5] Aarya, P. S., et al. "Web Scanning: Existing Techniques
and Future." 2018 Second International Conference on
Intelligent Computing and Control Systems (ICICCS). IEEE,
2018.
[6] Gorbenko, Anatoliy, et al. "Experience report: Study of
vulnerabilities of enterprise operating systems." 2017 IEEE
28th International Symposium on Software Reliability
Engineering (ISSRE). IEEE, 2017.
[7] Yadav, Ravinder, and Aakash Goyal. "Web Application
Security." International Journal of Computer Science and
Mobile romnlltlno-Vol1 Tccru 10 (2014): 349-355.
[8] Kushe, R. "Comparative Study of Vulnerability Scanning
Tools: Nessus Vs Retina." Security & Future 1.2 (2017): 69-71.