Windows authenticated scanning (WinRM) (F-Secure) 0 (0)

This section provides instructions on how to prepare your internal network for authenticated scanning using Windows Remote Management (WinRM). F-Secure Elements Vulnerability Management supports two ways of authenticating to Windows systems: If the scan node is deployed on a Windows computer, use the scan node service account credentials (recommended) Specify credentials explicitly in the F-Secure […]

Read More

Finding internet-facing systems (F-Secure) 0 (0)

You can find your organization’s internet-facing systems in Elements Vulnerability Management with Internet discovery. Internet discovery uses crawling and port mapping to allow you to collect data on public systems. You can search for data based on location, top-level domain, pay-level domain, keywords, host name, and IP address. You can add the discovered hosts to […]

Read More

Generating recordings with Fiddler (F-Secure) 0 (0)

Fiddler is a free web debugging proxy for various browsers, systems, and platforms. Download Fiddler. Configure your browser to use it as proxy on localhost port 8888. This is Fiddler’s default proxy configuration. Browse the target web application and save the Fiddler recording as a SAZ archive: Select the list of URLs you want to export. Select Save > Selected Sessions > in ArchiveZIP… from the […]

Read More

Generating recordings with Burp Proxy (F-Secure) 0 (0)

Burp Proxy is an intercepting proxy server for security testing of web applications. Download Burp Suite (Free Edition) and run it. If you are not familiar with the tool, read the Getting started with Burp Suite guide. Record the target application. Save the data to an XML file: Go to the Proxy > History tab. Select the requests from the list […]

Read More

Web scan recordings (F-Secure) 0 (0)

Recordings are used to feed web scans with valid HTTP requests to use during scanning. With a recording, the scanner can follow a normal user’s activity, and will as a result get deeper into the application’s logic and potentially identify more vulnerabilities. Recordings are useful when certain functionality cannot be identified by the crawling engine […]

Read More

Adding a web scan (F-Secure) 0 (0)

You can add new web scans to any scan group that is configured to include them. To add and configure a new web scan: Go to the Network scans page. Click the menu icon and select Add web scan. Enter the general settings for the scan: Enter the URL that you want to scan in the Scan target URL field. […]

Read More

Web scan (F-Secure) 0 (0)

Web scan allows you to scan and test web applications. You can use web scans during the development of new applications as part of the development life cycle. This results in being able to uncover vulnerabilities faster, thus significantly reducing the cost and amount of resources required to mitigate vulnerabilities at a later stage, as […]

Read More

System scan configuration options (F-Secure) 0 (0)

You can use the tooltips next to any of the options in the UI to see more information about them. General Define a Template name. We recommend that you make this as descriptive as possible. Define the TCP/UDP Port range that you want to scan. We recommend that you perform a full TCP/UDP port scan to ensure full […]

Read More

Configuring system scans (F-Secure) 0 (0)

You can use templates to configure multiple system scans at a time (recommended), or you can configure individual scans. A scan template is assigned to a scan group and the template is applied to all hosts within that group. To configure system scans, define the desired port range to scan and if needed, modify the […]

Read More

Adding a system scan (F-Secure) 0 (0)

We recommend that you add a new system scan by adding hosts to a scan group based on the results of a discovery scan, but you can also add a new system scan to the scan group separately. If you need to add a new system scan manually: Go to the Network scans page. Click the menu […]

Read More