Vulnerability Assessment Tools

IT professionals use special programs to find vulnerabilities before hackers do.

Computer security is a hot topic. With the rapid growth of the Internet, users are storing more of their personal data on their computers and sending it to the servers of the companies they do business with. Securing this information is a vital part of an IT professional's job. One step in doing this is to use diagnostic tools to locate security vulnerabilities before hackers do.

    Password Crackers

    • The password is the most vulnerable part of any computer's security system. If a user has a weak password and sufficient privileges on the system, he could inadvertently compromise your entire system. IT professionals can use programs called password crackers to test for weak passwords and poor password encryption. These tools work by attempting to log into an account by generating passwords until one works. Because these tools are freely available on the Internet to anyone, including hackers, it is important to test for weak passwords.

    Port Scanners

    • IT professionals use tools called port scanners to test how vulnerable a network is to penetration by a hacker over the Internet. These tools test which ports a server is using. A port is not a physical object but a number associated with a data packet that tells the server which program the data is intended for; specific programs "listen" for data packets on specific port numbers. Hackers use these tools to see which programs they can exploit to gain entry to a system. IT professionals use port scanners to find out what security holes a hacker could exploit.

    SQL Injections

    • Companies store all manner of important information in databases, including those that use the SQL language. This may include bank accounts, login credentials and a host of other personal information. A properly configured database will only accept legitimate requests from the programs that are supposed to access it, such as the software running a company's website. Hackers can modify the requests the website sends to the database so that they contain a large amount of invalid data. If that database is improperly configured, the website will display an error message with sensitive information about the workings of the database. Hackers can use that information to gain direct access. IT professionals use SQL injections to make sure these modified requests won't work.
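    As an added example (not part of the original article), the following Python sketch uses an in-memory SQLite database to show the check described above: a lookup that pastes input into the SQL text and displays raw database errors, next to a version that binds input as a parameter and shows only a generic message. The table, function names and probe values are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory customer table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, account TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("Alice", "ACCT-0001"), ("O'Brien", "ACCT-0002")])
    return db

def lookup_weak(db, name):
    """'Before': input is pasted into the SQL text; raw DB errors reach the page."""
    try:
        sql = "SELECT account FROM customers WHERE name = '" + name + "'"
        return {"ok": True, "rows": db.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        return {"ok": False, "page": f"Database error: {exc}"}  # leaks internals

def lookup_hardened(db, name, log):
    """'After': input is bound as a parameter; errors are logged, not displayed."""
    try:
        rows = db.execute("SELECT account FROM customers WHERE name = ?",
                          (name,)).fetchall()
        return {"ok": True, "rows": rows}
    except sqlite3.Error as exc:
        log.append(repr(exc))  # detail stays server-side
        return {"ok": False, "page": "Sorry, something went wrong."}

def audit(lookup, probes):
    """Return the probes whose response page exposes database error text."""
    leaks = []
    for probe in probes:
        result = lookup(probe)
        if not result["ok"] and ("syntax error" in result["page"]
                                 or "sqlite" in result["page"].lower()):
            leaks.append(probe)
    return leaks

# Constructed probes: a normal name, a name with an apostrophe, oversized input.
PROBES = ["Alice", "O'Brien", "x" * 5000]

if __name__ == "__main__":
    db, log = make_db(), []
    print("weak version leaks on:", audit(lambda n: lookup_weak(db, n), PROBES))
    print("hardened version leaks on:",
          audit(lambda n: lookup_hardened(db, n, log), PROBES))
```

    The apostrophe in a legitimate surname is enough to break the concatenated query and expose the parser's error text, while the parameterized version returns that customer's row normally.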

    Metasploit

    • Malware, such as viruses and spyware, is written to exploit weaknesses in the security of an operating system or other important software. Testing these "exploits" is an important step in making sure that the system isn't vulnerable to them. A piece of open source software called "Metasploit" is a software engine into which users load the code for exploits that security researchers have identified. Users can then use Metasploit to see if the computer is vulnerable to an exploit before a virus written by a hacker tests it out.
