Outputs from the vulnerability testing workshop

Read the summary from the vulnerability testing workshop held on 25 February 2022 by the EUNIS Information Security SIG.

The purpose of the meeting was to:

• Inform the community about, and raise awareness for the approaches and benefits of spending dedicated time on (in person) vulnerability testing.
• Share experiences (challenges and benefits) based on a Vulnerability Test, performed at UNIT and Oslo University in 2021.

See below the presentations from this meeting:

• Introducing EUNIS Information Security SIG ,Thorsten Küfer, Lead of EUNIS InfoSec SIG / University of Münster, Germany
• Introduction to Vulnerability Testing (what is it, why do it, what are common approaches, tools, types of outcomes), Asbjørn Reglund Thorsen, Lead of EUNIS InfoSec SIG / Sikt, Norway
• Technical setup at Sikt, Asbjørn Reglund Thorsen, Lead of EUNIS InfoSec SIG / Sikt, Norway

• Motivation: Rising number of vulnerabilities in software products
  • Exchange/Hafnium
  • Windows/PrintNightmare
  • Java/Log4j
• Know your network/assets
• Inspired by experience at University of Münster (Greenbone) and Oslo/Porto
• The actual testing: what was done, how was it done, findings and further developments, Espen Grøndahl, University of Oslo Center for IT, Norway
• Options of Holm Security vs Greenbone (David Heed, SUNET, Sweden)
• Empirical experiences, comparison between Nessus (paid version), OpenVAS/Greenbone, John Kallevik, Stavanger University, Norway
• Experiences and future plans at University Porto, Francisco Peixoto, University of Porto, Portugal
• Summary and future plans, Thorsten Küfer, Lead of EUNIS InfoSec SIG / University of Münster, Germany
• Future work, Asbjørn Reglund Thorsen, Lead of EUNIS InfoSec SIG / Sikt, Norway