Consider Coverage of Available Vulnerability Tests

Consider Coverage of Available Vulnerability Tests

As one of the first tasks of planning security audits based on OpenVAS, you should compare your targets with the coverage of the currently available OpenVAS vulnerability tests.

Please be aware that the OpenVAS server releases (actually the releases of its module "openvas-plugins") delivers a base set of tests. The update cycle of this base set is quite long compared to the occurrence of new vulnerabilities and respective NVTs. New or changed tests are promptly distributed via so-called "feed services".

If you want to test your network against the latest threats, a successful outcome will depend on the quality of the feed service(s) you subscribed to. Although the set of tests provided by "openvas-plugins" will detect a large range of older, well-known vulnerabilities, it will most probably be outdated by the time you use it and will not be able to detect the most recent vulnerabilities. In order to stay up-to-date with the latest security threats, you will need a feed service that provides you with the most recent tests for these threats.

The OpenVAS project maintains a feed of its own:

http://www.openvas.org/openvas-nvt-feed.html

To evaluate your need for an up-to-date feed service, you should think about the following questions:

• To what extent do the available feeds and their maintained families cover my audit target?
• In case you are planning a permanent auditing solution and not just a single shot: How sustainable is the feed service organized?
• Does the feed deliver signatures on the NVTs with a trust level for quality you are comfortable with?

---

Consider Coverage of Available Vulnerability Tests