Claims
- 1. A system for detecting and tracking network security vulnerabilities, the system comprising:
a scanning module that scans a target network to identify security vulnerabilities within specific host computers of the target network, wherein the scanning module is responsive to identification of a security vulnerability within a host computer by generating a vulnerability record that specifies the vulnerability and the host computer;
a vulnerability record management module that provides functionality for assigning the vulnerability records to specific users for correction of the security vulnerabilities specified therein, and further provides functionality for tracking a status of each such vulnerability record; and
a fix verification module that performs a vulnerability-record-specific vulnerability test to evaluate whether a security vulnerability specified by a vulnerability record has been corrected within a corresponding host computer.
- 2. The system of claim 1, wherein the scanning module is configurable with host credentials for scanning a target host computer, and wherein the fix verification module re-uses said host credentials to perform the vulnerability-record-specific vulnerability test of the target host computer.
- 3. The system of claim 2, wherein the host credentials include an administrative-level username and password for the target host computer.
- 4. The system of claim 1, wherein the vulnerability record management module provides a user interface through which an administrator can assign each vulnerability record to a selected user within a pool of users, and can view the statuses of the assigned vulnerability records.
- 5. The system of claim 1, wherein the vulnerability record management module inhibits closure of a vulnerability record for which the fix verification module has not yet verified correction of a security vulnerability.
- 6. The system of claim 1, wherein the vulnerability record management module provides a user option to verify a selected vulnerability record, and the fix verification module is responsive to user actuation of said option by performing a vulnerability test of the single host computer associated with the selected vulnerability record.
- 7. The system of claim 1, wherein the scanning module tests a target host computer for each of a plurality of vulnerabilities, and the fix verification module performs a vulnerability-record-specific vulnerability test of the target host computer without re-testing for all of said plurality of vulnerabilities.
- 8. A method of network security vulnerability testing, comprising:
scanning each of a plurality of host computers on a target network to test for an existence of known security vulnerabilities within the host computers;
in response to detection of a security vulnerability within a host computer, generating a vulnerability record that is specific to the host computer, said vulnerability record specifying the detected security vulnerability; and
providing a user interface through which user actions taken with respect to the vulnerability record may be tracked, and through which a vulnerability-record-specific fix verification test may be initiated to determine whether the detected security vulnerability has been removed from the host computer.
- 9. The method of claim 8, wherein the vulnerability-record-specific fix verification test is performed without re-testing for all security vulnerabilities assessed during scanning.
- 10. The method of claim 8, wherein the vulnerability-record-specific fix verification test tests the host computer for the existence of the detected security vulnerability only, without testing for other security vulnerabilities.
- 11. The method of claim 8, wherein the user interface provides an option for an administrative user to assign the vulnerability record to a selected user for correcting the detected security vulnerability.
- 12. The method of claim 8, wherein the vulnerability-record-specific fix verification test is performed using host credentials used during scanning of the host computer.
- 13. The method of claim 12, wherein the host credentials include an administrative-level username and password for the host computer.
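The record lifecycle the claims describe (scan, per-host record, assignment, record-specific fix verification, closure inhibited until verified) can be modelled as below. This is an added illustration, not code from the patent or from any product: the host table, check names, credentials and function names are all constructed assumptions.

```python
"""Model of the claimed record lifecycle; hosts, checks and credentials are constructed."""
from dataclasses import dataclass, field

# Constructed host state standing in for real targets (assumption, not from the patent).
HOSTS = {
    "10.0.0.5": {"telnet_enabled": True, "smb_signing": False},
    "10.0.0.9": {"telnet_enabled": False, "smb_signing": True},
}
# Hypothetical checks: each returns True when the host is vulnerable.
CHECKS = {
    "telnet-enabled": lambda h: h["telnet_enabled"],
    "smb-signing-off": lambda h: not h["smb_signing"],
}
CREDS = {h: ("scanner", "placeholder-secret") for h in HOSTS}  # per-host scan credentials
tests_run = []  # (host, check_id) log showing what each phase actually probes

@dataclass
class VulnRecord:
    host: str
    check_id: str
    status: str = "open"
    assignee: str = ""
    verified: bool = False
    history: list = field(default_factory=list)

def run_check(host, check_id):
    _user, _secret = CREDS[host]  # same stored credentials serve scan and verification
    tests_run.append((host, check_id))
    return CHECKS[check_id](HOSTS[host])

def scan():
    """Full scan: every check on every host; one record per (host, finding)."""
    return [VulnRecord(h, c) for h in HOSTS for c in CHECKS if run_check(h, c)]

def assign(rec, user):
    rec.assignee, rec.status = user, "assigned"
    rec.history.append(f"assigned to {user}")

def verify_fix(rec):
    """Record-specific test: one check on one host, not a re-scan."""
    rec.verified = not run_check(rec.host, rec.check_id)
    rec.history.append("verified fixed" if rec.verified else "verification failed")
    return rec.verified

def close(rec):
    if not rec.verified:
        raise PermissionError("closure inhibited: fix not verified")
    rec.status = "closed"
```

Comparing `tests_run` after `scan()` and after `verify_fix()` shows the difference in probe volume between a full scan and a record-specific re-test.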
RELATED APPLICATIONS
[0001] This application is a continuation-in-part application of U.S. patent application Ser. No. 10/050,675, filed on Jan. 15, 2002, which is incorporated by reference herein.
Continuation in Parts (1)
| | Number | Date | Country |
|---|---|---|---|
| Parent | 10050675 | Jan 2002 | US |
| Child | 10387358 | Mar 2003 | US |