Choose Location of Scan-ServerTopPlanning OpenVAS-based Network AuditingConsider Coverage of Available Vulnerability Tests

Consider Coverage of Available Vulnerability Tests

One of the first tasks of planning security audits with OpenVAS is to compare your targets with the available vulnerability tests.

Please be aware that the OpenVAS server releases (actually the releases of its module "openvas-plugins") delivers only a base set of tests. The update cycle of this base set is long compared to the occurrence of new vulnerabilities and respective NVTs. New or changed tests are promptly distributed via so-called "feed services".

If you want to test your network against the latest threats, an accurate report depends on the quality of the feed service(s) you are subscribed to. Although the set of tests provided by "openvas-plugins" will detect many older, well-known vulnerabilities, it will be outdated by the time you use it and will not detect the most recent vulnerabilities. In order to stay up-to-date with the latest security threats, you will need a feed service that provides you with the most recent tests.

The OpenVAS project maintains a feed of its own:

http://www.openvas.org/openvas-nvt-feed.html

To evaluate your need for an up-to-date feed service, you should think about the following questions:


Choose Location of Scan-ServerTopPlanning OpenVAS-based Network AuditingConsider Coverage of Available Vulnerability Tests