Automated Tools
Although automated tools can be useful, they do have a number oflimitations. One of their main limitations is that they’re only up to date
on the day that a check is written. Advisories for various vulnerabilities
are issued daily. Updates for most scanner applications are usually
released on a monthly basis.
One possible way to get around this problem is to write your own
checks. A number of vulnerability scanners allow you to write your
own custom checks in a variety of languages including perl, C,
VBScript and their own internal scripting languages.
Manual Checking
The advantages of manual checking are that it is possible to be
extremely thorough in investigating vulnerabilities and it has the
potential to always be up to date. Manual checking can be as current as
any mailing list or advisory as it does not rely on code to be written and
released a by a third party. The obvious limitation is the time that it
takes to perform.
However, in being slower and potentially sporadic in its probing and
searching, it can appear innocuous and therefore stand a greater chance
of passing unnoticed.
No comments:
Post a Comment