Vulnerability Management Using Open-Source Tools

TL;DR: Vulnerability management using open-source tools enhances security posture by identifying and remediating vulnerabilities through asset discovery, vulnerability scanning, and remediation processes.

Abstract: In today's cybersecurity landscape, protecting information systems is crucial due to the rising threat of cyber-attacks.This research focuses on vulnerability management using open-source tools for domain and subdomain enumeration, vulnerability scanning, and remediation.Open-source software offers costeffective and collaborative security solutions.Domain and subdomain enumeration tools play a vital role in mapping an organization's attack surface, providing insight into security posture.The analysis of vulnerability scanning tools highlights their effectiveness in identifying critical flaws in web applications and databases.Vulnerability remediation through patching, hardening, and exposure management processes closes security gaps.The research provides an empirical insight into using open-source tools for vulnerability management, listing their benefits and limitations empowering organizations to enhance their security posture.Recommendations for integrating these tools into existing security frameworks help combat cyber threats and protect valuable assets.1. To identify a variety open-source tools for asset discovery, to map out the attack surface of target organization by enumerating domains, subdomains and ASN's through passive means, their scope and limitations and a comparative analysis the result of their enumerations.2. To identify and test a range of open-source vulnerability scanners and conduct a comparative analysis of the scanners by testing them against test website http://testphp.vulnweb.com/,http://php.testsparker.com/and comparing the types of issues found and how we can use them to identify vulnerabilities in our assets.3.