IT security is a vast and exciting domain, with Vulnerability Assessment and Penetration Testing as the most important and commonly performed activities across organizations to secure the IT infrastructure and to meet compliance requirements. Learning Nessus for Penetration Testing gives you an idea on how to perform VA and PT effectively using the commonly used tool named Nessus.
This book will introduce you to common tests such as Vulnerability Assessment and Penetration Testing. The introduction to the Nessus tool is followed by steps to install Nessus on Windows and Linux platforms. The book will explain step-by-step explain how to go about doing actual scanning and result interpretation, including further exploitation. Additional features offered such as using Nessus for compliance checks are also explained. Important concepts such as result analysis to remove false positives and criticality are also explained. How to go about performing Penetration Testing using the Nessus output is explained with the help of easy-to-understand examples. Finally, over the course of different chapters, tips and insights from real-world challenges faced during VA activity will be explained as well.
We hope you enjoy reading the book!
Chapter 1, Fundamentals, covers an introduction to Vulnerability Assessment and Penetration Testing, along with an introduction to Nessus as a tool and steps on installing and setting up Nessus.
Chapter 2, Scanning, explains how to configure a scan using Nessus. This chapter also covers the prerequisites for a scan, how to configure a scan policy, and so on.
Chapter 3, Scan Analysis, explains analysis of a scan’s output, including result analysis, false positive analysis, vulnerability analysis, and exploiting vulnerabilities.
Chapter 4, Reporting Options, covers how to utilize different reporting options using Nessus. This chapter also talks about report generation, report customization, and report automation.
Chapter 5, Compliance Checks, explains how to utilize auditing options using Nessus, how it is different from Vulnerability Assessment, how an audit policy can be configured, and what the common compliance checks offered by Nessus for different environments are.