Read the summary from the vulnerability testing workshop held on 25 February 2022 by the EUNIS Information Security SIG.
The purpose of the meeting was to:
- Inform the community about, and raise awareness for the approaches and benefits of spending dedicated time on (in person) vulnerability testing.
- Share experiences (challenges and benefits) based on a Vulnerability Test, performed at UNIT and Oslo University in 2021.
See below the presentations from this meeting:
- Introducing EUNIS Information Security SIG ,Thorsten Küfer, Lead of EUNIS InfoSec SIG / University of Münster, Germany
- Introduction to Vulnerability Testing (what is it, why do it, what are common approaches, tools, types of outcomes), Asbjørn Reglund Thorsen, Lead of EUNIS InfoSec SIG / Sikt, Norway
- Technical setup at Sikt, Asbjørn Reglund Thorsen, Lead of EUNIS InfoSec SIG / Sikt, Norway
- Motivation: Rising number of vulnerabilities in software products
- Exchange/Hafnium
- Windows/PrintNightmare
- Java/Log4j
- Know your network/assets
- Inspired by experience at University of Münster (Greenbone) and Oslo/Porto
- The actual testing: what was done, how was it done, findings and further developments, Espen Grøndahl, University of Oslo Center for IT, Norway
- Options of Holm Security vs Greenbone (David Heed, SUNET, Sweden)
- Empirical experiences, comparison between Nessus (paid version), OpenVAS/Greenbone, John Kallevik, Stavanger University, Norway
- Experiences and future plans at University Porto, Francisco Peixoto, University of Porto, Portugal
- Summary and future plans, Thorsten Küfer, Lead of EUNIS InfoSec SIG / University of Münster, Germany
- Future work, Asbjørn Reglund Thorsen, Lead of EUNIS InfoSec SIG / Sikt, Norway