Security Vulnerability > Necessity
 Security Vulnerability
- Danger of allowing unauthorized access to information systems
- Danger of interference with information system’s normal services
- Danger of exposure, modification, removal of important data威
--> Generally, hackers first discover the system’s security vulnerabilities and then attack these vulnerabilities to gain control over the system.
 Security Vulnerability Scan and Analysis
- After scanning the information system for security vulnerabilities, the results are analyzed
 Security Vulnerability Assessment Tool
- Automated tool for scanning and analyzing security vulnerabilities
 System Security Vulnerability
- Race Condition, Environment Variable, Account & Password, Access Authorization, System Structure, Network Structure, Buffer Overflow, Backdoor, Etc.
 Network Security Vulnerability
- Provides Unnecessary Service & Information, DOS Attack, RPC, HTTP, SMTP, FTP, BIND, FINGER, Buffer Overflow, Etc.
 Application Vulnerability
- Web Server, Firewall Server, IDS Server, Database Server, Source Code Vulnerabilities, Etc.
UNIX/Linux Window
*Password Related Vulnerability
*X Windows Related Vulnerability
*Administrator and User Environment
*Vulnerability
*Utility Vulnerability
*File System Vulnerability
*DB Vulnerability
*Daemon Vulnerability
*Special File Vulnerability
*FTP Vulnerability
*SMTP and Mail Related Vulnerability
*RPC Vulnerability
*WWW/HTTP and CGI Vulnerability
*DNS/BIND Related Vulnerability
*Remote Access Command Vulnerability
*Packet Related Vulnerability
*Network Related Command Vulnerability
*NIS/NIS+ Vulnerability
*Firewalls/Filters/Proxies Vulnerability
*Port Vulnerability
*Backdoors Vulnerability
*Password Related Vulnerability
*Administrator and User Environment
*Vulnerability
*File System Vulnerability
*DB Vulnerability
*Special File Vulnerability
*Server Service Vulnerability
*Other Server Service Vulnerability
*Application Vulnerability
*Other Application Vulnerability
*Exchange Server Vulnerability
*Registry Vulnerability
*WWW/HTTP and CGI Vulnerability
*Packet Related Vulnerability
*Firewalls/Filters/Proxies Vulnerability
*Port Vulnerability
*Internet Explorer Vulnerability
*Internet Information Server Vulnerability
*SMTP and Mail Related Vulnerability
*Backdoors Vulnerability
 Too many known vulnerabilities.
- CERTCC-KR, CERTCC, BUGTRAQ, MITRE Etc
 Various operating systems and devices.
- Solaris, HP-UX, AIX, IRIX, True64, BSD, Unixware, RedHat, SuSE, TurboLinux, SlackWare, Caldera,
  Debian, Windows NT/2000, Windows 95/98/ME/XP, MacOS, Netware, Router, HUB, Switch Etc.
 Various network services.
- HTTP, TELNET, FTP, SMTP, POP, RPC, BIND, NEWS, NetBIOS Etc
First, professional knowledge is necessary,
Second, new vulnerabilities are continually being found,
Third, security vulnerabilities are scattered in devices, operating systems, applications, .........network services,
Fourth, generally there are many devices in use,
Fifth, the administrator generally does not have the time to cope with these vulnerabilities.
Therefore, since it is practically impossible to efficiently and professional cope with security vulnerabilities, an automated security vulnerability assessment tool is necessary.