Description

Become a vulnerability assessment professional with the Nessus scanner for networks and learn to analyze and rank vulnerabilities, both manually and through automation. Explore vulnerability scanning with Metasploit and write custom professional reports. Learn to import results of Nmap in Nessus and create VA Project Worksheets to analyze vulnerability assessments.

Nessus is a vulnerability scanner that helps security professionals identify and remediate potential vulnerabilities in their network, applications, and infrastructure with a wide range of features, including vulnerability scanning, compliance management, and reporting, to help organizations assess their security and mitigate risks. This course provides the knowledge and skills needed to use Nessus effectively. We will start with the basics, such as installing and setting up Nessus, and then move on to more advanced topics such as customizing scans and automating security testing. We will differentiate Nessus Essentials versus Nessus Professional and understand automated vulnerability scanning. You will learn to write custom professional reports and learn tips and tricks to handle Nessus well. We will explore the concept of second opinion scanning and differentiate unauthenticated and authenticated scans. We will explore network and web application scans and import results of Nmap in Nessus; we will create a VA Project Worksheet and explore vulnerability scanning with Metasploit. You will learn to manually analyze and rank vulnerabilities. By the end of this course, you will have learned everything needed to perform a complete vulnerability assessment independently using Nessus and identify, analyze, and rank security vulnerabilities.

What You Will Learn

Explore unauthenticated/authenticated scans and network/web app scans
Automate vulnerability scanning and write custom professional reports
Understand the concepts of second opinion scanning
Learn and perform a vulnerability scanning using Metasploit
Learn to import the results of Nmap in Nessus
Analyze/rank vulnerabilities and create a VA Project Worksheet

Audience

This course is designed to deliver content for penetration testers looking to build deeper knowledge of Nessus, cybersecurity enthusiasts desiring to learn more about vulnerability assessments, and freelancers wishing to add an in-demand skill to their profile. The prerequisites for the course include a computer/device with Windows/OSX/Linux. No programming or hacking knowledge is required. The ability to Google using intermediate to advanced skills for obtaining information is desirable.

Approach

The course is developed over well-structured, explanatory video lectures with live on-screen demonstrations and practicals to ensure that you learn each skill step by step. The course delivers concepts in a tutorial style, explaining topics for beginners and gradually moving to more advanced concepts comprehensively.

Key Features

Perform automated vulnerability assessments with Nessus and write customized assessment reports * Differentiate scans, assessment, management, and active/passive information gathering techniques * Independently interpret and communicate the results of a vulnerability assessment scan with reports

Github Repo

https://github.com/Paramkrishna/Nessus-Scanner---Network-Scanning-from-Beginner-to-Advanced

About the Author

Avinash Yadav

Avinash Yadav is a young information security expert with a special focus on cybersecurity management as well as double-blind penetration testing. He brings his experience to the table through his passion for teaching. He has authored a couple of online courses with well-curated concepts and practicals on penetration testing and information security that the students can pursue to build up skills that are needed to be able to work in the cybersecurity domain rather than just focusing on random sources of information. He looks forward to helping aspiring students on their journey to explore penetration testing, ethical hacking, and information security to become the person they would want to be, in an arguably short period of time!

Course Outline

1. Welcome to the Course

This section is a comprehensive guide that covers the basics to advanced techniques for using this powerful tool to scan your network for vulnerabilities and potential security risks. The course is designed for both beginners and experienced security professionals and includes step-by-step instructions and practical examples to help you learn.

1. Introduction and the "Why" You Need This Course

In this video, we will discuss the importance of using a vulnerability scanner like Nessus to identify potential security risks in our network. We will discuss the growing importance of network security in today's digital age, potential consequences of a security breach, including financial losses, damage to an organization's reputation, and legal liabilities.

1. Introduction and the "Why" You Need This Course

2. Setting Up the Laboratory

This section focuses on setting up a virtual lab environment using VMware Workstation Player, which is a free and open-source virtualization tool. We will look at the step-by-step instructions for installing VMware Workstation Player and creating virtual machines (VMs).

1. Installing Our Practice Lab

This video demonstrates how to install Nessus version 10.3.0 for the Windows platform. Options are available for Linux and macOS also. We will follow the step-by-step instructions and successfully install Nessus as our practice lab. We will go ahead and install the Nessus Essentials free version.

1. Installing Our Practice Lab

2. Getting Nessus Essentials/PRO

In this video, we will get Nessus Essentials or Professional (which is a commercial version of Nessus that offers additional features and capabilities beyond the free version). We will discuss the differences between Nessus Essentials and PRO, the process of downloading and installing Nessus, as well as activating and setting up our Nessus account.

2. Getting Nessus Essentials/PRO

3. Basics of Vulnerability Analysis

This section focuses on the basics of vulnerability analysis, which is the process of identifying and assessing vulnerabilities in a network or system. We will discuss the importance of vulnerability analysis and how it fits into the larger context of network security, dive into the different types of vulnerabilities that can exist in a network or system.

1. Everything "Theory" of Vulnerability Assessment in One Video

This lesson provides an overview of the theory behind vulnerability assessment, the different types of vulnerabilities in a network or system, the importance of vulnerability assessment in network security, and the common vulnerability scoring system (CVSS) used for assessing the severity of vulnerabilities.

1. Everything "Theory" of Vulnerability Assessment in One Video

2. Prerequisite: Passive Information Gathering (Don't Skip)

In this video, we cover the basics of passive information gathering, which is the process of collecting information about a target network or system without directly engaging with it. We will look at the common tools and techniques used for passive information gathering, including WHOIS and Maltego lookups.

2. Prerequisite: Passive Information Gathering (Don't Skip)

3. Prerequisite: Active Information Gathering (Don't Skip)

In this video, we will cover the basics of active information gathering, the process of actively engaging with a target network or system to gather information. We will discuss the importance of active information gathering in the context of vulnerability assessment. We will then use some common tools and techniques for active information gathering.

3. Prerequisite: Active Information Gathering (Don't Skip)

4. Manual Vulnerability Assessment Without Using Any Tool

In this video, you will learn about the basics of manual vulnerability assessment, the process of identifying potential vulnerabilities in a network or system without automated tools. You will learn about the different types of vulnerabilities, and identify potential vulnerabilities based on system configuration, security policies, and user behavior.

4. Manual Vulnerability Assessment Without Using Any Tool

4. Each Tab of Nessus In-Depth

In this section, we will explore each tab of Nessus in depth. We will cover how to use each tab in the Nessus interface to configure and run scans, have a thorough understanding of each tab in Nessus and use them to configure and run vulnerability scans, and use Nessus effectively and efficiently in a vulnerability management program.

1. Let's Get an 10,000 Foot Overview of Nessus

Here, you will learn about the features and capabilities of Nessus, including its ability to scan for thousands of known vulnerabilities, its support for compliance and configuration auditing, and its ability to integrate with other security tools.

1. Let's Get an 10,000 Foot Overview of Nessus

2. How to Use Folders of Nessus (My Scans, All Scans, and Trash)

The video explains how the folders feature can help better organize and manage scans. You will learn about the different types of folders available, including My Scans, scans that we created and configured, All Scans, the scans that have been run on our Nessus system, and Trash, which is where deleted scans are stored.

2. How to Use Folders of Nessus (My Scans, All Scans, and Trash)

3. Practical: Running a Basic Nessus Scan on a Real Machine

The video overviews the basic steps involved in setting up and running a Nessus scan. You will learn to create a new scan policy, configure scan settings, and launch a scan. We will set up and run a basic scan on a real machine using Nessus for vulnerability scanning and analysis and build a foundation for more advanced scanning techniques later.

3. Practical: Running a Basic Nessus Scan on a Real Machine

4. Practical: Host Discovery Scan and OS Identification Scan

In this video, you will learn to perform host discovery and operating system identification scans using Nessus, use Nessus to perform host discovery and operating system identification scans, identify the systems and devices on a network, and improve the vulnerability scanning accuracy.

4. Practical: Host Discovery Scan and OS Identification Scan

5. How to use Resources of Nessus (Policies and Plugin Rules)

In this video, you will learn to use the resources of Nessus, including policies and plugin rules, customize our vulnerability scanning program to meet the specific needs of our network environment and improve the accuracy and effectiveness of our scans.

5. How to use Resources of Nessus (Policies and Plugin Rules)

6. How to Use Settings of Nessus

In this video, you will learn to use the settings of Nessus to customize scans and improve the accuracy and effectiveness of a vulnerability scanning program. You will learn to identify and remediate vulnerabilities in a network environment more effectively and efficiently.

6. How to Use Settings of Nessus

7. See How I Analyze Results of a Done Nessus Scan (Nobody Will Teach You This!)

In this video, you will learn to analyze the results of a Nessus scan to identify vulnerabilities and prioritize remediation efforts, best practices for analyzing Nessus scan results, including how to validate the accuracy of scan findings, confirm the presence of vulnerabilities through manual testing and verification, and track remediation progress over time.

7. See How I Analyze Results of a Done Nessus Scan (Nobody Will Teach You This!)

5. Nessus for Real-Life Scenarios

This section focuses on how to use Nessus in real-life scenarios and includes practical examples of using Nessus to scan for vulnerabilities in different network environments and configurations. We will customize Nessus policies to suit specific network environments, scan for vulnerabilities in web apps and databases, and use Nessus for compliance audits.

1. How to Use Nessus Policies (Reusable Scans)

In this video, we will use Nessus policies to create reusable scans. We will understand the concept of policies and customize Nessus scans for different network environments, and use Nessus policies to create reusable scans for vulnerability assessment in different network environments.

1. How to Use Nessus Policies (Reusable Scans)

2. How to Use Compliance Templates

In this video, you will learn to use compliance templates in Nessus to perform compliance audits and understand the importance of compliance in security and how compliance templates can help organizations to meet regulatory requirements and reduce the risk of legal and financial penalties for noncompliance.

2. How to Use Compliance Templates

3. How to Use Web Application Scanner

In this video, you will learn to use the web application scanner in Nessus to identify vulnerabilities in web applications, understand the importance of web application security and the different types of web application vulnerabilities that can be exploited by attackers, and reduce the risk of successful attacks by hackers.

3. How to Use Web Application Scanner

4. How to Do Authenticated (Credentialed) Scans

In this video, you will learn to perform authenticated or credentialed scans using Nessus. Authenticated scanning allows to scan devices and systems using valid credentials to obtain accurate and comprehensive results, identify vulnerabilities that would otherwise go undetected, and improve the overall security of systems and networks.

4. How to Do Authenticated (Credentialed) Scans

5. Vulnerability Scanning with Metasploit

This video explores Metasploit, a popular penetration testing framework that includes a suite of tools and modules for performing various security assessments, including vulnerability scanning. One key feature of Metasploit is its ability to automate the process of identifying and exploiting vulnerabilities in target systems.

5. Vulnerability Scanning with Metasploit

6. Nmap and VEGA Tutorial - Alternative to Nessus but Free

In this video, we explore Nmap and Vega, popular alternatives to Nessus for vulnerability scanning and security assessments. While Nessus is a comprehensive vulnerability scanner with many advanced features, Nmap and Vega can be useful for quick and simple scans, as more targeted assessments of specific systems or applications.

6. Nmap and VEGA Tutorial - Alternative to Nessus but Free

7. The Amazing Nessusd.Rules File Nobody Explains

This video focuses on the "nessusd.rules" file, which is an important component of Nessus as it contains the rules and instructions used by the scanner to identify vulnerabilities and potential security risks on target systems, a configuration file that can be edited to customize the behavior of the Nessus scanner and adjust the way it identifies vulnerabilities and risks.

7. The Amazing Nessusd.Rules File Nobody Explains

8. 4 Nessus PRO ONLY Features You Should Know

In this video, we will discuss about the Nessus PRO, a paid version of the Nessus vulnerability scanner that provides additional features and capabilities beyond the free Essentials version. Some of the advanced features that are only available in Nessus PRO include web application scanning and support for customized policies and compliance templates.

8. 4 Nessus PRO ONLY Features You Should Know

6. Writing Fully Custom Reports

This section focuses on built-in reporting capabilities that allow users to generate and export various types of reports based on their scan results. Users can also create custom reports using the Nessus report format or by exporting the scan results in XML format and processing them with third-party reporting tools.

1. Creating a Real VA Project Worksheet (With FILES)

In this video, we will create a vulnerability assessment (VA) project worksheet that can help security professionals plan and organize vulnerability scanning activities. The worksheet can include details such as the scope of the project, target systems, scan schedules, scan policies, and reporting requirements.

1. Creating a Real VA Project Worksheet (With FILES)

Course Images

Nessus Scanner - Network Scanning from Beginner to Advanced

By Packt

Booking options

Highlights

Description

Course Content

About The Provider

Tags

Reviews