1
00:00:07,090 --> 00:00:08,420
- [Tutor] Now in the previous lessons

2
00:00:08,420 --> 00:00:11,210
you actually learned about many different tools,

3
00:00:11,210 --> 00:00:14,850
that you can actually use to find vulnerabilities, right.

4
00:00:14,850 --> 00:00:16,070
There are many different scanners,

5
00:00:16,070 --> 00:00:19,540
both open-source and commercial scanners,

6
00:00:19,540 --> 00:00:21,610
as well as cloud services,

7
00:00:21,610 --> 00:00:23,870
that you can actually use to find vulnerabilities

8
00:00:23,870 --> 00:00:25,870
in a network or device, right.

9
00:00:25,870 --> 00:00:27,800
Now here are some of the most popular ones.

10
00:00:27,800 --> 00:00:29,540
This is actually just a refresher,

11
00:00:29,540 --> 00:00:30,840
as I mentioned to you.

12
00:00:30,840 --> 00:00:32,280
You actually have OpenVAS,

13
00:00:32,280 --> 00:00:35,390
which is an open-source vulnerability scanner.

14
00:00:35,390 --> 00:00:37,420
You have Nessus from Tenable.

15
00:00:37,420 --> 00:00:39,333
Nexpose from Rapid7, Qualys.

16
00:00:40,530 --> 00:00:43,440
You also learned about SQL injection.

17
00:00:43,440 --> 00:00:45,120
So there's a tool that you actually used

18
00:00:45,120 --> 00:00:48,880
or you saw before, called sqlmap,

19
00:00:48,880 --> 00:00:51,080
to find SQL injection vulnerabilities.

20
00:00:51,080 --> 00:00:52,570
You also have Nikto,

21
00:00:52,570 --> 00:00:54,385
in the case of web applications,

22
00:00:54,385 --> 00:00:57,440
and this actually allows you to scan a web application

23
00:00:57,440 --> 00:00:58,870
and find vulnerabilities.

24
00:00:58,870 --> 00:01:00,890
You also have Burp Suite.

25
00:01:00,890 --> 00:01:03,180
And with Burp, there are two versions.

26
00:01:03,180 --> 00:01:05,760
Of course, there's a free commercial,

27
00:01:05,760 --> 00:01:07,567
free community edition,

28
00:01:07,567 --> 00:01:10,220
and also the commercial version, right.

29
00:01:10,220 --> 00:01:12,270
The commercial version of Burp Suite

30
00:01:12,270 --> 00:01:15,260
allows you to actually do automated scanning.

31
00:01:15,260 --> 00:01:18,610
Now you also have the OWASP Zed Attack Proxy

32
00:01:18,610 --> 00:01:20,660
or ZAP for short,

33
00:01:20,660 --> 00:01:23,720
that allows you to also do some, you know,

34
00:01:23,720 --> 00:01:25,900
scanning against web applications.

35
00:01:25,900 --> 00:01:30,620
You also have the w3af tool and Sparta as well.

36
00:01:30,620 --> 00:01:32,270
Those are all tools

37
00:01:32,270 --> 00:01:35,203
that are used for vulnerability scanning.