Before applying changes, F-Secure recommends that you discuss all potential changes with your network administrator. The following summarizes the requirements for enabling WinRM authenticated scanning for Windows: If a Linux scan node is in use, a user account must meet the following requirement: Local user account added to the Administrators group If a Windows scan node is […]
Category: F-Secure Business
F-Secure for Android(147)
F-Secure for IOS(178)
F-Secure for MAC(169)
F-Secure for Windows(201)
Windows authenticated scanning (WinRM) (F-Secure)
This section provides instructions on how to prepare your internal network for authenticated scanning using Windows Remote Management (WinRM). F-Secure Elements Vulnerability Management supports two ways of authenticating to Windows systems: If the scan node is deployed on a Windows computer, use the scan node service account credentials (recommended) Specify credentials explicitly in the F-Secure […]
Finding internet-facing systems (F-Secure)
You can find your organization’s internet-facing systems in Elements Vulnerability Management with Internet discovery. Internet discovery uses crawling and port mapping to allow you to collect data on public systems. You can search for data based on location, top-level domain, pay-level domain, keywords, host name, and IP address. You can add the discovered hosts to […]
Generating recordings with Fiddler (F-Secure)
Fiddler is a free web debugging proxy for various browsers, systems, and platforms. Download Fiddler. Configure your browser to use it as proxy on localhost port 8888. This is Fiddler’s default proxy configuration. Browse the target web application and save the Fiddler recording as a SAZ archive: Select the list of URLs you want to export. Select Save > Selected Sessions > in ArchiveZIP… from the […]
Generating recordings with Burp Proxy (F-Secure)
Burp Proxy is an intercepting proxy server for security testing of web applications. Download Burp Suite (Free Edition) and run it. If you are not familiar with the tool, read the Getting started with Burp Suite guide. Record the target application. Save the data to an XML file: Go to the Proxy > History tab. Select the requests from the list […]
Web scan recordings (F-Secure)
Recordings are used to feed web scans with valid HTTP requests to use during scanning. With a recording, the scanner can follow a normal user’s activity, and will as a result get deeper into the application’s logic and potentially identify more vulnerabilities. Recordings are useful when certain functionality cannot be identified by the crawling engine […]
Adding a web scan (F-Secure)
You can add new web scans to any scan group that is configured to include them. To add and configure a new web scan: Go to the Network scans page. Click the menu icon and select Add web scan. Enter the general settings for the scan: Enter the URL that you want to scan in the Scan target URL field. […]
Web scan (F-Secure)
Web scan allows you to scan and test web applications. You can use web scans during the development of new applications as part of the development life cycle. This results in being able to uncover vulnerabilities faster, thus significantly reducing the cost and amount of resources required to mitigate vulnerabilities at a later stage, as […]
System scan configuration options (F-Secure)
You can use the tooltips next to any of the options in the UI to see more information about them. General Define a Template name. We recommend that you make this as descriptive as possible. Define the TCP/UDP Port range that you want to scan. We recommend that you perform a full TCP/UDP port scan to ensure full […]
Configuring system scans (F-Secure)
You can use templates to configure multiple system scans at a time (recommended), or you can configure individual scans. A scan template is assigned to a scan group and the template is applied to all hosts within that group. To configure system scans, define the desired port range to scan and if needed, modify the […]