 | |
| Developer(s) | Tenable, Inc. |
|---|---|
| Stable release | |
| Operating system | Linux, macOS and Microsoft Windows |
| Type | Vulnerability scanner |
| License | Proprietary; GPL (2.2.11 and earlier) |
| Website | https://www.tenable.com |
Nessus is a proprietary vulnerability scanner developed by Tenable, Inc.
In 1998 Renaud Deraison created The Nessus Project as a free remote security scanner. [2] On October 5 2005, with the release of Nessus 3, the project changed from the GNU Public License to a proprietary license. [3]
The Nessus 2 engine and some of the plugins are still using the GNU Public License, leading to forks based on Nessus like OpenVAS [2] [4] and Greenbone Sustainable Resilience. [5]
Free software, libre software, or libreware is computer software distributed under terms that allow users to run the software for any purpose as well as to study, change, and distribute it and any adapted versions. Free software is a matter of liberty, not price; all users are legally free to do what they want with their copies of a free software regardless of how much is paid to obtain the program. Computer programs are deemed "free" if they give end-users ultimate control over the software and, subsequently, over their devices.
The free software movement is a social movement with the goal of obtaining and guaranteeing certain freedoms for software users, namely the freedoms to run, study, modify, and share copies of software. Software which meets these requirements, The Four Essential Freedoms of Free Software, is termed free software.
GNU is an extensive collection of free software, which can be used as an operating system or can be used in parts with other operating systems. The use of the completed GNU tools led to the family of operating systems popularly known as Linux. Most of GNU is licensed under the GNU Project's own General Public License (GPL).
The GNU Lesser General Public License (LGPL) is a free-software license published by the Free Software Foundation (FSF). The license allows developers and companies to use and integrate a software component released under the LGPL into their own software without being required by the terms of a strong copyleft license to release the source code of their own components. However, any developer who modifies an LGPL-covered component is required to make their modified version available under the same LGPL license. For proprietary software, code under the LGPL is usually used in the form of a shared library, so that there is a clear separation between the proprietary and LGPL components. The LGPL is primarily used for software libraries, although it is also used by some stand-alone applications.
A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. These scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detection of vulnerabilities arising from mis-configurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc. Modern vulnerability scanners allow for both authenticated and unauthenticated scans. Modern scanners are typically available as SaaS ; provided over the internet and delivered as a web application. The modern vulnerability scanner often has the ability to customize vulnerability reports as well as the installed software, open ports, certificates and other host information that can be queried as part of its workflow.
Open-source software (OSS) is computer software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose. Open-source software may be developed in a collaborative, public manner. Open-source software is a prominent example of open collaboration, meaning any capable user is able to participate online in development, making the number of possible contributors indefinite. The ability to examine the code facilitates public trust in the software.
Scanner Access Now Easy (SANE) is an open-source application programming interface (API) that provides standardized access to any raster image scanner hardware. The SANE API is public domain. It is commonly used on Linux.
GnuTLS is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network transport layer, as well as interfaces to access X.509, PKCS #12, OpenPGP and other structures.
Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software, where anyone is freely licensed to use, copy, study, and change the software in any way, and the source code is publicly available so that people are encouraged to improve the design of the software. This is in contrast to proprietary software, where the software is under restrictive copyright or licensing and the source code is hidden from the users.
A permissive software license, sometimes also called BSD-like or BSD-style license, is a free-software license which instead of copyleft protections, carries only minimal restrictions on how the software can be used, modified, and redistributed, usually including a warranty disclaimer. Examples include the GNU All-permissive License, MIT License, BSD licenses, Apple Public Source License and Apache license. As of 2016, the most popular free-software license is the permissive MIT license.
OpenVAS is the scanner component of Greenbone Vulnerability Management (GVM), a software framework of several services and tools offering vulnerability scanning and vulnerability management.
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
IcedTea is a build and integration project for OpenJDK launched by Red Hat in June 2007. IcedTea also includes some addon libraries: IcedTea-Web is a free software implementation of Java Web Start and the Java web browser applet plugin. IcedTea-Sound is a collection of plugins for the Java sound subsystem, including the PulseAudio provider which used to be included with IcedTea. The Free Software Foundation recommends that all Java programmers use IcedTea as their development environment.
Companies whose business centers on the development of open-source software employ a variety of business models to solve the challenge of how to make money providing software that is by definition licensed free of charge. Each of these business strategies rests on the premise that users of open-source technologies are willing to purchase additional software features under proprietary licenses, or purchase other services or elements of value that complement the open-source software that is core to the business. This additional value can be, but not limited to, enterprise-grade features and up-time guarantees to satisfy business or compliance requirements, performance and efficiency gains by features not yet available in the open source version, legal protection, or professional support/training/consulting that are typical of proprietary software applications.
Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal being system hardening.
Copyleft is the legal technique of granting certain freedoms over copies of copyrighted works with the requirement that the same rights be preserved in derivative works. In this sense, freedoms refers to the use of the work for any purpose, and the ability to modify, copy, share, and redistribute the work, with or without a fee. Licenses which implement copyleft can be used to maintain copyright conditions for works ranging from computer software, to documents, art, scientific discoveries and even certain patents.
Proprietary software is software that, according to the free and open-source software community, grants its creator, publisher, or other rightsholder or rightsholder partner a legal monopoly by modern copyright and intellectual property law to exclude the recipient from freely sharing the software or modifying it, and—in some cases, as is the case with some patent-encumbered and EULA-bound software—from making use of the software on their own, thereby restricting their freedoms.
The GNU General Public License is a series of widely used free software licenses or copyleft that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general use and was originally written by Richard Stallman, the founder of the Free Software Foundation (FSF), for the GNU Project. The license grants the recipients of a computer program the rights of the Free Software Definition. These GPL series are all copyleft licenses, which means that any derivative work must be distributed under the same or equivalent license terms. It is more restrictive than the Lesser General Public License and even further distinct from the more widely used permissive software licenses BSD, MIT, and Apache.
Software categories are groups of software. They allow software to be understood in terms of those categories, instead of the particularities of each package. Different classification schemes consider different aspects of software.
The Nessus Attack Scripting Language, usually referred to as NASL, is a scripting language that is used by vulnerability scanners like Nessus and OpenVAS. With NASL specific attacks can be automated, based on known vulnerabilities.
 | This security software article is a stub. You can help Wikipedia by expanding it. |