LITERATURE REVIEW
2.1 Vulnerability Assessment
Vulnerability assessment is a crucial aspect of ensuring network security, especially in the context of
open access networks. In recent years, several tools have emerged to aid in the assessment of
vulnerabilities on networks. This review focuses on the utilization and effectiveness of Nmap, Dmitry,
Unicornscan, and Sparta in conducting vulnerability assessments on open access networks.
Vulnerability assessment of open access networks in the context of cyber security involves evaluating
the potential weaknesses and susceptibilities of these networks to cyber-attacks. It aims to identify
vulnerabilities that could be exploited by malicious actors to compromise the security and integrity of
the network.
Vulnerability assessment is a process used to evaluate the susceptibility of a system or entity to
potential harm or damage. It involves identifying and analyzing vulnerabilities, which are weaknesses or
flaws that can be exploited by threats or hazards. The goal of vulnerability assessment is to understand
the level of risk and develop strategies to mitigate or manage vulnerabilities (Frazier, 2012).
According to Shinde & Ardhapurkar (2016), vulnerabilities are weaknesses or flaws in the system that
could potentially lead to a security breach. Adversaries find these vulnerabilities and exploit them as a
means of compromising the system. Injection, Broken Authentication, Sensitive Data Exposure, XML
External Entities (XXE) and Broken Access Control are some examples of vulnerabilities.
2.1.2 Advantages of Vulnerability Assessment
Firstly, vulnerability assessments help identify and mitigate potential security vulnerabilities in web
applications. These assessments involve analyzing the application's code, configuration, and architecture
to identify weaknesses that could be exploited by attackers. By identifying these vulnerabilities,
organizations can take proactive measures to patch or fix them, thereby reducing the risk of successful
attacks (Correa et al., 2021).
Secondly, vulnerability assessments provide insights into the resiliency of web applications against
specific types of attacks. For example, the study by Alidoosti et al. (2019) introduces the business-layer
dynamic application security tester (BLDAST), which evaluates the resiliency of web applications against
denial-of-service (DoS) attacks. By simulating such attacks, vulnerability assessments can
determine how well a web application can withstand and recover from these attacks, allowing
organizations to strengthen their defenses accordingly.
Thirdly, vulnerability assessments can help prioritize security efforts and allocate resources effectively.
By identifying the most critical vulnerabilities, organizations can focus their attention on addressing
these issues first, ensuring that limited resources are utilized efficiently. This prioritization can be based
on the severity of vulnerabilities, as demonstrated in the study by Elisa (2017), which found that some
websites had high-severity vulnerabilities such as SQL injection and cross-site scripting.
Fourthly, vulnerability assessments can contribute to improving the overall usability and accessibility of
web applications. The study by Elisa (2017) suggests that addressing web security vulnerabilities can
enhance the usability and accessibility of e-government websites in Tanzania. By ensuring the security of
web applications, organizations can provide a safer and more user-friendly experience for their users.
Fifthly, vulnerability assessments can be supported by visualization techniques, as highlighted in the
research by Sönmez & Kiliç (2021). Visualizations can help in understanding and interpreting the results
of vulnerability assessments, making it easier for stakeholders to comprehend the security posture of
web applications. This can facilitate decision-making processes and enable effective communication
between security teams and other stakeholders.
2.1.3 Disadvantages of Vulnerability Assessment
Vulnerability assessment of websites is an important process for identifying and addressing security
weaknesses. However, there are several disadvantages associated with vulnerability assessments.
One major disadvantage is the high prevalence of vulnerabilities found in assessed websites. A study
conducted in Tanzania found that 50.6% of assessed websites had one or more high-severity
vulnerabilities, such as SQL injection or cross-site scripting (XSS), while 64.5% had one or more medium-
severity vulnerabilities, such as cross-site request forgery or denial of service (Elisa, 2017). This indicates
that a significant number of websites are susceptible to attacks, highlighting the need for vulnerability
assessments.
Another disadvantage is the challenge of collecting and integrating large quantities of heterogeneous
data for reliable estimations. Vulnerability assessments require the collection and synthesis of various
types of data, which can be time-consuming and complex (Rufat, 2012). The neglect of significant
interactions between indicators can also limit the effectiveness of vulnerability analysis (Rufat, 2012).
Therefore, vulnerability assessments may not fully capture the complexity of vulnerabilities and their
interactions.
Furthermore, vulnerability assessments may not address all vulnerabilities, particularly those targeting
specific groups or contexts. A study focusing on contract cheating websites targeting doctoral students
found that these websites exploit distinct vulnerabilities of doctoral students through persuasive
language features (Kelly & Stevenson, 2021). This highlights the need for a comprehensive
understanding of vulnerabilities specific to different user groups and contexts.
Additionally, vulnerability assessments may face challenges in quantifying certain vulnerabilities. Some
vulnerabilities are difficult to quantify, making it challenging to accurately assess their impact (Rufat,
2012). This can limit the effectiveness of vulnerability assessments in providing a complete picture of the
security risks faced by websites.
2.2 Penetration testing
Penetration testing, also known as pentesting, is a crucial methodology used to evaluate the security of
computer systems and networks (Chu & Lisitsa, 2018). Traditional pentesting methods rely heavily on
domain expert knowledge and require significant human effort, resulting in high costs. However,
automation can greatly enhance the efficiency, availability, and cost-effectiveness of penetration testing
(Chu & Lisitsa, 2018).
The complexity of network penetration and the diverse range of penetration methods pose challenges
for traditional analysis approaches, which often focus on a single method or a specific part of the
penetration process (Zheng et al., 2020). To address this, researchers have proposed an interpretive
visual analysis approach to characterize and summarize the penetration testing process. This approach
can improve researchers' comprehension of penetration testing and contribute to the development of
network security technologies (Zheng et al., 2020).
Penetration testing plays a crucial role in securing networks and identifying security vulnerabilities
(Denis et al., 2016). In a study investigating different aspects of penetration testing, including tools,
attack methodologies, and defense strategies, researchers conducted various penetration tests using
private networks, devices, and virtualized systems (Denis et al., 2016). These tests help highlight security
issues and inform the development of effective defense strategies.
The distinction between an attacker and a penetration tester lies in the legality of their actions (Chu &
Lisitsa, 2018). While both aim to assess the security of computer systems and networks through
simulated attacks, penetration testing is conducted within legal and ethical boundaries. The goal is to
identify vulnerabilities and provide recommendations for improving security, rather than causing harm
or unauthorized access (Chu & Lisitsa, 2018).
Visual analysis of penetration testing has gained attention in recent years, with a focus on analyzing
network penetration events and activities (Zheng et al., 2020). However, there is still a need for
systematic research in visualizing the entire process of penetration testing and analyzing its main
characteristics (Zheng et al., 2020). This research can contribute to a deeper understanding of network
penetration activities and facilitate the exploration of new attack technologies.
2.2.1 The History of Penetration Testing
In the 1960s, when multiple users started sharing the same resource, the risk of this resource sharing
resulted in the IT industry realizing the need for computer security (Mamilla, 2021). It was in 1965, at
a conference on computer system security, that the use of penetration testing was formally suggested
(Mamilla, 2021). The US Department of Defense (DoD) sponsored the “tiger teams” in the
1970s (Mamilla, 2021). “Tiger teams were government and industry-sponsored teams of crackers who
attempted to break down the defense of computer systems to uncover, and eventually patch, security
holes” (Russell & Gangemi, 1991, p.29). Although these tiger teams were able to uncover some
vulnerabilities, it soon became apparent that this method had many flaws, including not being able to
prevent a second penetration attack and unreliability due to new vulnerabilities being found by new
teams. It became obvious then that a more stringent approach than tiger teams was needed (Mamilla,
2021).
It was James P. Anderson who introduced “reference monitors” in the Computer Security Technology
Planning Study (Mamilla, 2021). A reference monitor “enforces the authorized access relationships
between subjects and objects of a system” (Russell & Gangemi, 1991, p.30). These reference monitors
resulted in the development of standards and technologies for secure systems. Hunt (2012) pointed out
that, after researching and analyzing the security of the resource sharing system at the Pentagon,
Anderson described a pen test attack in steps:
1. Find an exploitable vulnerability.
2. Design an attack around it.
3. Test the attack.
4. Seize a line in use for ACS operations.
5. Enter the attack.
6. Exploit the entry for information recovery.
This was the first technique used to assess the security of resource sharing computer systems
(Mamilla, 2021). In 1993, a paper called “Improving the Security of Your Site by Breaking into It”
was written by Dan Farmer of Sun Microsystems and Wietse Venema of Eindhoven University of
Technology. This paper is about the “uebercracker”, the hacker who uses his own hacking programs as
opposed to existing scripts. This makes an uebercracker harder to detect and hence a very serious
threat to security (Mamilla, 2021). Farmer & Venema further pointed out that a system’s owner must
similarly learn to test his own system, thinking of himself as a hacker. This was the basis for
penetration testing. In 2003, the OWASP or Open Web Application Security Project introduced the
Testing Guide, which contained the first framework for penetration testing. In 2014, OWASP Testing
Guide version 4 was released with improvements over the previous versions (Mamilla, 2021).
2.2.2 Penetration Test Objectives
The objectives of conducting Penetration Testing are multifaceted and complex. It is imperative to
thoroughly comprehend the primary aims of this sophisticated technique in order to ensure its
successful implementation and attainment of desired results.
The goal of a penetration test is to certify the effectiveness of the security measures taken by an
organization to protect their system. Penetration testing achieves this by discovering vulnerabilities
through simulating an attack by adversaries (Mamilla, 2021).
2.2.3 The Types of Penetration Testing
There are different types of penetration testing that can be conducted depending on the specific
objectives and scope of the assessment. Some common types include:
1. Network Penetration Testing: This type of testing focuses on identifying vulnerabilities in network
infrastructure, such as routers, switches, and firewalls. It aims to uncover weaknesses that could be
exploited by attackers to gain unauthorized access to the network (Chu & Lisitsa, 2018).
2. Web Application Penetration Testing: Web applications are often targeted by attackers due to their
potential vulnerabilities. Web application penetration testing involves assessing the security of web
applications, including identifying flaws in authentication mechanisms, input validation, and session
management (Chu & Lisitsa, 2018).
3. Wireless Network Penetration Testing: With the increasing use of wireless networks, it is essential to
evaluate their security. Wireless network penetration testing involves assessing the security of wireless
networks, including Wi-Fi networks, to identify vulnerabilities that could be exploited by unauthorized
users (Ryan et al., 2017).
4. Social Engineering Penetration Testing: Social engineering involves manipulating individuals to gain
unauthorized access to systems or sensitive information. Social engineering penetration testing assesses
the effectiveness of an organization's security awareness and training programs by attempting to
deceive employees and gain access to sensitive information (Chu & Lisitsa, 2018).
5. Physical Penetration Testing: Physical penetration testing evaluates the physical security measures in
place, such as access controls, surveillance systems, and security guards. It aims to identify weaknesses
that could allow unauthorized individuals to gain physical access to restricted areas (Chu & Lisitsa, 2018).
Each type of penetration testing requires specific tools, techniques, and expertise to effectively identify
vulnerabilities and assess the security of the targeted systems or networks. Automation can play a
significant role in streamlining the testing process and reducing the time and effort required (Chu &
Lisitsa, 2018).
2.2.4 The Models of Penetration Testing
Penetration testing is a widely used method for assessing and evaluating the security of digital assets. It
involves planning, generating, and executing possible attacks to discover and exploit vulnerabilities
(Ghanem et al., 2022). There are several models and frameworks that have been proposed for
conducting penetration testing in different contexts.
One commonly referenced model is the four-stage model proposed by the National Institute of
Standards and Technology (NIST) (Shen et al., 2011). This model consists of the following stages:
planning, discovery, attack, and reporting. In the planning stage, the objectives and scope of the
penetration test are defined. The discovery stage involves gathering information about the target
system or network. The attack stage involves attempting to exploit vulnerabilities and gain unauthorized
access. Finally, in the reporting stage, the findings and recommendations are documented and
communicated to the relevant stakeholders.
Another model that has been proposed is the model-based penetration test framework for web
applications (Stepien et al., 2012). This framework integrates penetration testing into the software
development life cycle and provides a repeatable, systematic, and cost-efficient approach. It uses the
test specification language TTCN-3 as a modeling language for web penetration testing. The framework
allows for the generation of web penetration test campaigns based on existing functional testing test
cases.
In addition to these models, there are also models that focus on specific aspects of penetration testing.
For example, there is a model that incorporates social engineering factors into the penetration test
simulation environment (Li et al., 2022). This model integrates relevant security attributes and factors
into the network graph model for penetration testing, allowing for the expression of the interaction
between the penetration tester and the target network.
Furthermore, there is a model-driven penetration test framework for web applications that provides
guidance and support to general testers who may not have in-depth security expertise (Xiong & Peyton,
2010). This framework consists of a penetration test methodology, a grey-box test architecture, a web
security knowledge base, a test campaign model, and a knowledge base.
Another approach to penetration testing is the use of reinforcement learning (RL) to make the process
more intelligent and efficient (Ghanem et al., 2022). This approach treats penetration testing tasks as
partially observed Markov decision processes (POMDPs) and uses RL algorithms to identify the most
efficient options for conducting the tests.
Overall, there are various models and frameworks for conducting penetration testing, each with its own
focus and approach. These models provide guidance and structure to the penetration testing process,
allowing for a systematic and efficient assessment of the security of digital assets.
2.2.5 Penetration Testing Processes
There are many different processes for penetration testing. Depending on the needs of the entity that
requires the pen test, a specific process is chosen. According to Thorsen, Nufryk & Taylor (2019), there
are eight phases in a traditional penetration testing process (Mamilla, 2021):
Phase 1: Planning:
This is the first step in the process of penetration testing. The scope of the pen test is defined in this
step. Tiller (2011) stated that the scope and scale of the test are decided based on factors like existing
security policies, culture, laws and regulations, best practices and industry requirements.
This is a very important step because it defines the entire test and guides the deliverable of the test
(Mamilla, 2021).
Phase 2: Reconnaissance:
This step is the information gathering stage where a pen tester gathers all the information he can
about the organization or the system that is to be pen tested, in the hope that this information will be
useful during the attack. Information gathering can be passive or deliberate. Passive information
gathering is collecting publicly available information. Deliberate information gathering is detecting
vulnerabilities by scanning ports (Thorsen, Nufryk & Taylor, 2019).
Phase 3: Scanning:
Also known as vulnerability scanning, this stage is when a pen tester uses scanning tools to scan for
vulnerabilities in a target system (Thorsen, Nufryk & Taylor, 2019).
Phase 4: Gaining Access:
Using the knowledge gained from reconnaissance and exploiting the vulnerabilities discovered in
scanning, a pen tester starts attacking the target system to gain access to that system (Thorsen,
Nufryk & Taylor, 2019).
Phase 5: Maintaining Access:
Once the pen testers gain access to the system in the previous stage, they use various mechanisms
to continue their access in the system (Thorsen, Nufryk & Taylor, 2019).
Phase 6: Covering tracks:
Pen testers cover their own tracks by deleting the evidence that they were ever inside the system
(Thorsen, Nufryk & Taylor, 2019).
Phase 7: Analysis:
In this stage, pen testers analyze all the information acquired during the testing process, along with
the vulnerabilities discovered and also suggest remediation measures to counteract the identified
vulnerabilities (Thorsen, Nufryk & Taylor, 2019).
Phase 8: Reporting:
This is the stage where all the information collected in the previous stages is formally reported to
the company stakeholders. This report usually consists of vulnerabilities discovered, sensitive data
accessed, time taken for the pen test and suggested remediation solutions.
2.2.6 Penetration testing tools
To perform penetration testing effectively, various tools and techniques are available. This paper will
discuss some of the commonly used penetration testing tools and their applications.
Kali Linux
One widely used operating system for penetration testing is Kali Linux. Kali Linux is a complete platform
that provides a wide range of advanced tools for penetration testing and security testing (Kasapović &
Skejić, 2021). It is specifically designed for ethical hacking and includes tools for network reconnaissance,
vulnerability scanning, password cracking, and more (Kasapović & Skejić, 2021). Kali Linux is known for
its extensive collection of pre-installed tools, making it a popular choice among penetration testers
(Carranza et al., 2018). It offers a user-friendly interface and supports both command-line and graphical
tools, making it suitable for both beginners and experienced professionals (Kasapović & Skejić, 2021).
Parrot OS
Another operating system commonly used for penetration testing is Parrot OS. Parrot OS is a lightweight
and secure Linux distribution that is designed for ethical hacking, penetration testing, and digital
forensics ("Operating Systems for Ethical Hackers - A Platform Comparison of Kali Linux and Parrot OS",
2021). It provides a wide range of tools for network analysis, vulnerability assessment, and exploitation
("Operating Systems for Ethical Hackers - A Platform Comparison of Kali Linux and Parrot OS", 2021).
Parrot OS is known for its focus on privacy and security, with built-in features such as sandboxing and
anonymous browsing ("Operating Systems for Ethical Hackers - A Platform Comparison of Kali Linux and
Parrot OS", 2021). It also offers a user-friendly interface and supports both command-line and graphical
tools ("Operating Systems for Ethical Hackers - A Platform Comparison of Kali Linux and Parrot OS",
2021).
Aircrack-ng
In addition to operating systems, there are several specific tools that are commonly used in penetration
testing. Aircrack-ng is a popular open-source tool for wireless network penetration testing (Carranza et
al., 2018). It is used for assessing the security of wireless networks by capturing packets, cracking
encryption keys, and performing various attacks (Carranza et al., 2018).
Reaver
Reaver is another tool used for wireless penetration testing, specifically targeting WPS (Wi-Fi Protected
Setup) vulnerabilities (Carranza et al., 2018). Kismet is a wireless network detector, sniffer, and intrusion
detection system that is used for monitoring and analyzing wireless networks (Carranza et al., 2018).
Metasploit
Metasploit is a powerful framework for penetration testing and vulnerability assessment (Sigholm et al.,
2019). It provides a wide range of tools and modules for exploiting vulnerabilities, conducting post-
exploitation activities, and generating reports (Sigholm et al., 2019). Metasploit is widely used by
penetration testers and security professionals for testing the security of networks, systems, and
applications (Sigholm et al., 2019). It supports both manual and automated exploitation techniques and
offers a comprehensive set of features for penetration testing (Sigholm et al., 2019).
Shodan
Shodan is a search engine that allows users to discover and analyze Internet-connected devices
(Fernández-Caramés & Fraga-Lamas, 2020). It can be used for vulnerability assessment and penetration
testing of IoT (Internet of Things) devices (Fernández-Caramés & Fraga-Lamas, 2020). Shodan provides
information about open ports, services, and vulnerabilities associated with specific devices or networks
(Fernández-Caramés & Fraga-Lamas, 2020). It can be used to identify potential security weaknesses in
IoT devices and assess their security configurations (Fernández-Caramés & Fraga-Lamas, 2020).
2.2.7 Penetration Testing vs. Vulnerability Assessment
The major topic of this essay is vulnerability assessment, but vulnerability assessment and penetration
testing are frequently confused terms. Although the two concepts are similar, penetration testing places
a greater emphasis on gaining access to as much information as possible, whereas vulnerability
assessment focuses on finding areas that are susceptible to a computer attack. An automated
vulnerability scanner will frequently find potential flaws based on service banners or other network
replies that are deceptive.
A penetration test is similar to other tests in that it samples every set of potential systems and
configurations. The contractor won't be able to find and exploit all potential systems using all potential
flaws unless they are hired to test just one system. Any penetration test is therefore an environmental
sample. Additionally, the majority of testers will start with the easier targets before dealing with hard
system configuration for a better conclusion to locate weakness and go deeper into it.
2.3 Network Scanning
Network scanning is a crucial component of vulnerability and penetration testing. It involves the use of
specialized tools and techniques to assess the security of a computer network by identifying and
analyzing potential vulnerabilities. The process of network scanning typically consists of three main
steps: network scanning, vulnerability scanning, and vulnerability analysis (Holm et al., 2011).
During network scanning, the architecture of the network is examined to identify potential entry points
and vulnerabilities. This can include scanning for open ports, services, and devices connected to the
network. Network scanning helps to create a map of the network and provides information about the
network's structure and potential weaknesses (Holm et al., 2011).
Vulnerability scanning is the next step in the process, where specific tools are used to scan the network
for known vulnerabilities. These tools compare the network's configuration and software versions
against a database of known vulnerabilities to identify potential security weaknesses. Vulnerability
scanning can be performed using both authenticated and unauthenticated scans. Authenticated scans
require credentials to access the network, while unauthenticated scans do not require any credentials
(Holm et al., 2011).
Once vulnerabilities are identified through vulnerability scanning, the next step is vulnerability analysis.
This involves assessing the severity and potential impact of each vulnerability. The analysis helps
prioritize vulnerabilities based on their risk level and provides recommendations for remediation.
Vulnerability analysis also involves understanding the root causes of vulnerabilities and identifying any
underlying issues in the network's configuration or software (Holm et al., 2011).
According to Wack, Tracy & Souppaya (2003), network scanning involves the use of a port scanner to
identify all the active hosts, open ports, switches and routers in the address range (Mamilla, 2021).
Operating system fingerprinting occurs when the open ports discovered by scanning tools identify the
target operating system (Mamilla, 2021).
However, OS fingerprinting may not always give the correct answer, because system administrators can
use mechanisms like firewall filters to disguise their real operating systems (Mamilla, 2021). Although
port scanners are completely automated, they do not identify vulnerabilities by themselves. Only the pen
tester looking at the results of this port scanning can identify vulnerabilities by interpreting and
analyzing those results (Mamilla, 2021).
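As an added illustration of the interpretation step described above (not part of the original review), the following Python script parses Nmap's XML output (the -oX format) and performs the analysis a port scanner itself does not: it flags open services that are absent from an assumed per-host baseline, ranks them by an assumed severity map, and marks a low-confidence OS fingerprint for manual verification. The scan data, baseline and severity values are constructed here for the example.

```python
"""Interpret Nmap XML (-oX) output against an expected-services baseline."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample of Nmap's XML output for two hosts (not a real scan).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.0.2.0/29">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="filtered"/><service name="https"/></port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 10" accuracy="60"/></os>
  </host>
</nmaprun>
"""

# Assumed baseline: the (protocol, port) pairs each host is expected to expose.
BASELINE = {
    "192.0.2.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
    "192.0.2.11": {("tcp", 3389)},
}
# Assumed severity of an unexpected service, keyed by Nmap's service name.
RISK = {"telnet": "high", "ftp": "high", "snmp": "medium"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class Finding:
    host: str
    proto: str
    port: int
    service: str
    severity: str
    note: str


def parse_nmap_xml(xml_text):
    """Return a list of hosts that are up, each with its ports and best OS match."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue
        ports = []
        for p in h.findall("ports/port"):
            svc = p.find("service")
            ports.append({
                "proto": p.get("protocol"),
                "port": int(p.get("portid")),
                "state": p.find("state").get("state"),
                "service": svc.get("name", "") if svc is not None else "",
            })
        osmatch = h.find("os/osmatch")  # Nmap lists OS matches best-first
        hosts.append({
            "addr": h.find("address[@addrtype='ipv4']").get("addr"),
            "ports": ports,
            "os": osmatch.get("name") if osmatch is not None else None,
            "os_accuracy": int(osmatch.get("accuracy", 0)) if osmatch is not None else 0,
        })
    return hosts


def analyse(hosts, baseline=BASELINE, risk=RISK, os_min_accuracy=90):
    """Flag open services outside the baseline and low-confidence OS fingerprints, sorted by severity."""
    findings = []
    for h in hosts:
        expected = baseline.get(h["addr"], set())
        for p in h["ports"]:
            # UDP results often come back as "open|filtered"; treat them as possibly open.
            if not p["state"].startswith("open"):
                continue
            if (p["proto"], p["port"]) in expected:
                continue
            findings.append(Finding(h["addr"], p["proto"], p["port"], p["service"],
                                    risk.get(p["service"], "low"), "not in baseline"))
        if h["os"] is not None and h["os_accuracy"] < os_min_accuracy:
            findings.append(Finding(h["addr"], "-", 0, "os-fingerprint", "info",
                                    f"low-confidence OS match '{h['os']}' "
                                    f"({h['os_accuracy']}%); verify manually"))
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.host, f.port))
    return findings


if __name__ == "__main__":
    for f in analyse(parse_nmap_xml(SAMPLE_NMAP_XML)):
        print(f"{f.severity:<6} {f.host:<12} {f.proto}/{f.port:<5} {f.service:<14} {f.note}")
```

Running the script against a real scan only requires replacing SAMPLE_NMAP_XML with the contents of the file written by nmap -oX and maintaining the baseline from the organization's asset inventory.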
Table 1. List of Network Scanning Tools
Scanning Tool | Description of the Tool | Cost of the Tool
Nmap | Port scanning tool used to discover active hosts and scan for open ports (Wack, Tracy & Souppaya, 2003). | free
OpenVAS | Open Vulnerability Assessment System, an open-source software framework for vulnerability management and scanning (Thorsen, Nufryk & Taylor, 2019). | free
Dmitry | Command line port scanner that scans both TCP and UDP ports (“Kali Linux”, n.d.). | free
Unicornscan | Port scanner that scans TCP ports (“Kali Linux”, n.d.). | free
Sparta | GUI port mapper that scans networks to identify available hosts on the network (“Kali Linux”, n.d.). | free
Netcat | Popularly known as the Swiss army knife of the security engineer; a port scanner that is also used for reading and writing data across the network (Wilson, 2021). | free
SolarWinds Port Scanner | Scanning tool that generates a list of open, closed and filtered ports for an IP address (“Free port”, n.d.). | free 30-day trial
Angry IP Scanner | Scanning tool that scans ports and IP addresses and is compatible with Linux, Windows and Mac OS X (“Angry IP”, n.d.). |
ManageEngine OpUtils | Port scanning tool that also provides network address monitoring and administration tools (Wilson, 2021). | free trial
2.3.1 Nmap scanning of network for vulnerability
Nmap (Network Mapper) is a widely used open source program for network scanning and vulnerability
assessment (Fuentes-García et al., 2021). It is a multi-platform tool that can be used to evaluate the
security of operating systems by discovering vulnerabilities and providing information about open ports
and services (Fuentes-García et al., 2021; Renato & Maria, 2015). Nmap can be used to determine active
computers, identify listening ports, perform vulnerability scanning, and gather information about the
operating system (Renato & Maria, 2015; Syahab, 2023). It supports various types of scans, including
TCP and UDP scans (Renato & Maria, 2015).
Nmap is often used in combination with other tools for vulnerability scanning and network security
monitoring. For example, in a study on network security monitoring, Nmap was used alongside other
tools to assess the present and future of network security monitoring (Fuentes-García et al., 2021).
Another study focused on university computer network vulnerability management and used Nmap for
information gathering, while Nexpose was used for vulnerability scanning ("University Computer
Network Vulnerability Management using Nmap and Nexpose", 2021). The combination of Nmap and
Nexpose allowed for effective vulnerability detection in the network ("University Computer Network
Vulnerability Management using Nmap and Nexpose", 2021).
The performance of Nmap in vulnerability management systems can be optimized by combining
benchmarking and scenario planning models (Basuki & Adriansyah, 2023). This approach improves the
response time and accuracy of the vulnerability management system, reducing the level of damage
caused by cyber-attacks (Basuki & Adriansyah, 2023). Masscan, a network scanning tool, can achieve
response times of less than 2 seconds when used for scanning open ports on a subnet (Basuki &
Adriansyah, 2023). Nmap, on the other hand, can achieve response times of less than 4 seconds when
used for scenario planning and detection on a single host (Basuki & Adriansyah, 2023).
In the field of information security, vulnerability scanning plays a crucial role in identifying weaknesses
in a network (Basuki & Adriansyah, 2023). It helps in discovering vulnerabilities and determining their
locations on the network (Basuki & Adriansyah, 2023). By scanning the network, organizations can
prioritize the mitigation of vulnerabilities and implement appropriate security measures ("University
Computer Network Vulnerability Management using Nmap and Nexpose", 2021). Vulnerability scanning
tools like Nmap assist in this process by providing valuable information about the network's security
posture (Llanso et al., 2017).
Nmap is a powerful scanner, but automated scanning does not reliably find every vulnerability in a network: in a quantitative evaluation, Holm et al. (2011) found that scanners' results were not accurate enough on their own, so manual work is needed to confirm findings and to catch what the scanners missed. Scanning is also only one step: it belongs inside a vulnerability management framework with regular scans, assessment of the results and timely remediation of what is found ("University Computer Network Vulnerability Management using Nmap and Nexpose", 2021).
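The triage step described above, as an added example that is not part of the original review or of any of the cited studies: a Python script that parses the XML Nmap writes with `-oX` (for instance `nmap -sV -oX scan.xml <target>`), keeps only open ports, ranks the exposed services with a simple heuristic, and flags low-confidence identifications for the manual verification Holm et al. call for. The sample XML, the addresses, the versions and the RISKY_SERVICES weights are constructed for this example and are not taken from any real scan.

```python
"""Parse Nmap -oX output and rank exposed services for follow-up.

Added example. Run a real scan with e.g. `nmap -sV -oX scan.xml 10.0.0.0/24`
(placeholder target) and pass the file contents to parse_nmap_xml().
"""
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML (trimmed to the elements read below);
# hosts, ports and versions are invented for this example.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/30">
  <host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="http" product="nginx" version="1.24.0" tunnel="ssl" method="probed" conf="10"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet" method="table" conf="3"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds" method="table" conf="3"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/>
        <service name="http-proxy" method="table" conf="3"/></port>
    </ports></host>
  <host><status state="down"/><address addr="10.0.0.3" addrtype="ipv4"/></host>
</nmaprun>
"""

# Triage weights are this example's own heuristic, not a CVSS score:
# services that should never face an open-access network score highest.
RISKY_SERVICES = {
    "telnet": ("cleartext remote login", 9),
    "ftp": ("cleartext file transfer", 7),
    "microsoft-ds": ("SMB exposed", 8),
    "ms-wbt-server": ("RDP exposed", 8),
    "vnc": ("VNC exposed", 8),
    "mysql": ("database exposed", 8),
    "ms-sql-s": ("database exposed", 8),
}
DEFAULT_RISK = ("exposed service", 3)
PROBED_CONF = 7  # Nmap conf is 1-10; "table" guesses from the port number are 3


def parse_nmap_xml(xml_text):
    """Return one dict per open port on each host that was up."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        host_ip = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not exposure
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            version = " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v)
            findings.append({
                "host": host_ip,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": attrs.get("name", "unknown"),
                "version": version,
                "conf": int(attrs.get("conf", "0")),
            })
    return findings


def triage(findings):
    """Rank findings by risk; flag the ones a human must confirm before remediation."""
    ranked = []
    for f in findings:
        reason, score = RISKY_SERVICES.get(f["service"], DEFAULT_RISK)
        # A service named only from the port table, or without a version,
        # may be misidentified: the scanner's word is not enough on its own.
        needs_manual = f["conf"] < PROBED_CONF or not f["version"]
        ranked.append({**f, "reason": reason, "score": score, "needs_manual": needs_manual})
    return sorted(ranked, key=lambda r: (-r["score"], r["host"], r["port"]))


if __name__ == "__main__":
    for r in triage(parse_nmap_xml(SAMPLE_XML)):
        flag = "  [verify manually]" if r["needs_manual"] else ""
        print(f"{r['host']}:{r['port']}/{r['proto']} {r['service']} {r['version']} "
              f"score={r['score']} ({r['reason']}){flag}")
```

The filtered port and the host that was down are dropped, because neither is exposure; the two services Nmap identified only from its port table (conf 3) are ranked highest but marked for manual confirmation, which is exactly where a scanner's false positives and misidentifications would otherwise be acted on unchecked.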
In summary, Nmap is a versatile and widely used tool for network scanning and vulnerability assessment: it discovers hosts, open ports and the services behind them, fingerprints operating systems and, with its scripts, checks for some known vulnerabilities. It is commonly paired with a dedicated vulnerability scanner and with network security monitoring tools, and its response time can be tuned with benchmarking and scenario planning models. Automated scanning does not find every vulnerability, so its output must be verified and complemented by manual effort, and scanning should sit within a comprehensive vulnerability management framework rather than stand alone.
References

Frazier, T. (2012). Selection of scale in vulnerability and resilience assessments. Journal of Geography & Natural Disasters, 3(2). https://doi.org/10.4172/2167-0587.1000e108

Shinde, P. S., & Ardhapurkar, S. B. (2016). Cyber security analysis using vulnerability assessment and penetration testing. In 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave) (pp. 1-5). IEEE.

Correa, R., Higuera, J., Dagdeviren, Z., Sicilia, J., Rubio, M., & Magreñán, Á. (2021). Hybrid security assessment methodology for web applications. Computer Modeling in Engineering & Sciences, 126(1), 89-124. https://doi.org/10.32604/cmes.2021.010700

Alidoosti, M., Nowroozi, A., & Nickabadi, A. (2019). Evaluating the web-application resiliency to business-layer DoS attacks. ETRI Journal, 42(3), 433-445. https://doi.org/10.4218/etrij.2019-0164

Elisa, N. (2017). Usability, accessibility and web security assessment of e-government websites in Tanzania. International Journal of Computer Applications, 164(5), 42-48. https://doi.org/10.5120/ijca2017913632

Sönmez, F., & Kiliç, B. (2021). Holistic web application security visualization for multi-project and multi-phase dynamic application security test results. IEEE Access, 9, 25858-25884. https://doi.org/10.1109/access.2021.3057044

Rufat, S. (2012). Spectroscopy of urban vulnerability. Annals of the Association of American Geographers, 103(3), 505-525. https://doi.org/10.1080/00045608.2012.702485

Kelly, A., & Stevenson, K. (2021). Students pay the price: Doctoral candidates are targeted by contract cheating websites. International Journal of Doctoral Studies, 16, 363-377. https://doi.org/10.28945/4757

Chu, G., & Lisitsa, A. (2018). Poster: Agent-based (BDI) modeling for automation of penetration testing. https://doi.org/10.1109/pst.2018.8514211

Denis, M., Zena, C., & Hayajneh, T. (2016). Penetration testing: Concepts, attack methods, and defense strategies. https://doi.org/10.1109/lisat.2016.7494156

Zheng, S., Wu, Y., Wang, S., Wei, Y., Mu, D., He, H., & Chen, H. (2020). PTVis: Visual narrative and auxiliary decision to assist in comprehending the penetration testing process. IEEE Access, 8, 194523-194540. https://doi.org/10.1109/access.2020.3033391

Mamilla, S. R. (2021). A study of penetration testing processes and tools.

Ryan, J., MacCartney, G., & Rappaport, T. (2017). Indoor office wideband penetration loss measurements at 73 GHz. https://doi.org/10.1109/iccw.2017.7962662

Ghanem, M., Chen, T., & Nepomuceno, E. (2022). Hierarchical reinforcement learning for efficient and effective automated penetration testing of large networks. Journal of Intelligent Information Systems, 60(2), 281-303. https://doi.org/10.1007/s10844-022-00738-0

Li, Y., Wang, Y., Xiong, X., Zhang, J., & Yao, Q. (2022). An intelligent penetration test simulation environment construction method incorporating social engineering factors. Applied Sciences, 12(12), 6186. https://doi.org/10.3390/app12126186

Shen, L., Liang, X., Bo, Y., & Xia, C. (2011). Automatic generation for penetration testing scheme analysis model for network. https://doi.org/10.1109/iccis.2011.102

Stepien, B., Peyton, L., & Xiong, P. (2012). Using TTCN-3 as a modeling language for web penetration testing. https://doi.org/10.1109/icit.2012.6210016

Xiong, P., & Peyton, L. (2010). A model-driven penetration test framework for web applications. https://doi.org/10.1109/pst.2010.5593250

Holm, H., Sommestad, T., Almroth, J., & Persson, M. (2011). A quantitative evaluation of vulnerability scanning. Information Management & Computer Security, 19(4), 231-247. https://doi.org/10.1108/09685221111173058

University computer network vulnerability management using Nmap and Nexpose. (2021). International Journal of Advanced Trends in Computer Science and Engineering, 10(6), 3084-3090. https://doi.org/10.30534/ijatcse/2021/021062021

Basuki, A., & Adriansyah, A. (2023). Response time optimization for vulnerability management system by combining the benchmarking and scenario planning models. International Journal of Electrical and Computer Engineering (IJECE), 13(1), 561. https://doi.org/10.11591/ijece.v13i1.pp561-570

Fuentes-García, M., Camacho, J., & Maciá-Fernández, G. (2021). Present and future of network security monitoring. IEEE Access, 9, 112744-112760. https://doi.org/10.1109/access.2021.3067106

Llanso, T., McNeil, M., Pearson, D., & Moore, G. (2017). BluGen: An analytic framework for mission-cyber risk assessment and mitigation recommendation. https://doi.org/10.24251/hicss.2017.724

Renato, C., & Maria, N. (2015). Technologies' application, rules, and challenges of information security on information and communication technologies. https://doi.org/10.1109/apcase.2015.74

Syahab, N. (2023). Analisis audit keamanan informasi website menggunakan metode Network Mapper dan Qualys SSL [Website information security audit analysis using Network Mapper and Qualys SSL]. Jurnal Manajemen Informatika dan Sistem Informasi, 6(1), 39-47. https://doi.org/10.36595/misi.v6i1.742
More Related Content

Similar to Vulnerability Assessment LITERATURE REVIEW. doc

ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
 
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
 
System Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingSystem Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingIJNSA Journal
 
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...IRJET Journal
 
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...ijtsrd
 
Exploring network security threats through text mining techniques: a comprehe...
Exploring network security threats through text mining techniques: a comprehe...Exploring network security threats through text mining techniques: a comprehe...
Exploring network security threats through text mining techniques: a comprehe...CSITiaesprime
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
response.pdfresponseby Abc AbcSubmission date 14-Ma.docx
response.pdfresponseby Abc AbcSubmission date 14-Ma.docxresponse.pdfresponseby Abc AbcSubmission date 14-Ma.docx
response.pdfresponseby Abc AbcSubmission date 14-Ma.docxzmark3
 
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsA Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsCSCJournals
 
TAXONOMY BASED INTRUSION ATTACKS AND DETECTION MANAGEMENT SCHEME IN PEER-TOPE...
TAXONOMY BASED INTRUSION ATTACKS AND DETECTION MANAGEMENT SCHEME IN PEER-TOPE...TAXONOMY BASED INTRUSION ATTACKS AND DETECTION MANAGEMENT SCHEME IN PEER-TOPE...
TAXONOMY BASED INTRUSION ATTACKS AND DETECTION MANAGEMENT SCHEME IN PEER-TOPE...IJNSA Journal
 
Application of Attack Graphs in Intrusion Detection Systems: An Implementation
Application of Attack Graphs in Intrusion Detection Systems: An ImplementationApplication of Attack Graphs in Intrusion Detection Systems: An Implementation
Application of Attack Graphs in Intrusion Detection Systems: An ImplementationCSCJournals
 
Security against Web Application Attacks Using Ontology Based Intrusion Detec...
Security against Web Application Attacks Using Ontology Based Intrusion Detec...Security against Web Application Attacks Using Ontology Based Intrusion Detec...
Security against Web Application Attacks Using Ontology Based Intrusion Detec...IRJET Journal
 
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
 
Optimised Malware Detection in Digital Forensics
Optimised Malware Detection in Digital Forensics Optimised Malware Detection in Digital Forensics
Optimised Malware Detection in Digital Forensics IJNSA Journal
 
A SURVEY ON TECHNIQUES REQUIREMENTS FOR INTEGRATEING SAFETY AND SECURITY ENGI...
A SURVEY ON TECHNIQUES REQUIREMENTS FOR INTEGRATEING SAFETY AND SECURITY ENGI...A SURVEY ON TECHNIQUES REQUIREMENTS FOR INTEGRATEING SAFETY AND SECURITY ENGI...
A SURVEY ON TECHNIQUES REQUIREMENTS FOR INTEGRATEING SAFETY AND SECURITY ENGI...IJCSES Journal
 
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
 
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...Network Intrusion Detection And Countermeasure Selection In Virtual Network (...
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...ClaraZara1
 
Modification data attack inside computer systems: A critical review
Modification data attack inside computer systems: A critical reviewModification data attack inside computer systems: A critical review
Modification data attack inside computer systems: A critical reviewCSITiaesprime
 

Similar to Vulnerability Assessment LITERATURE REVIEW. doc (20)

ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
 
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...
 
System Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingSystem Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats Modeling
 
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
 
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
 
Ijsrp p5211
Ijsrp p5211Ijsrp p5211
Ijsrp p5211
 
Exploring network security threats through text mining techniques: a comprehe...
Exploring network security threats through text mining techniques: a comprehe...Exploring network security threats through text mining techniques: a comprehe...
Exploring network security threats through text mining techniques: a comprehe...
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
 
response.pdfresponseby Abc AbcSubmission date 14-Ma.docx
response.pdfresponseby Abc AbcSubmission date 14-Ma.docxresponse.pdfresponseby Abc AbcSubmission date 14-Ma.docx
response.pdfresponseby Abc AbcSubmission date 14-Ma.docx
 
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsA Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
 
TAXONOMY BASED INTRUSION ATTACKS AND DETECTION MANAGEMENT SCHEME IN PEER-TOPE...
TAXONOMY BASED INTRUSION ATTACKS AND DETECTION MANAGEMENT SCHEME IN PEER-TOPE...TAXONOMY BASED INTRUSION ATTACKS AND DETECTION MANAGEMENT SCHEME IN PEER-TOPE...
TAXONOMY BASED INTRUSION ATTACKS AND DETECTION MANAGEMENT SCHEME IN PEER-TOPE...
 
Application of Attack Graphs in Intrusion Detection Systems: An Implementation
Application of Attack Graphs in Intrusion Detection Systems: An ImplementationApplication of Attack Graphs in Intrusion Detection Systems: An Implementation
Application of Attack Graphs in Intrusion Detection Systems: An Implementation
 
Security against Web Application Attacks Using Ontology Based Intrusion Detec...
Security against Web Application Attacks Using Ontology Based Intrusion Detec...Security against Web Application Attacks Using Ontology Based Intrusion Detec...
Security against Web Application Attacks Using Ontology Based Intrusion Detec...
 
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
 
Optimised Malware Detection in Digital Forensics
Optimised Malware Detection in Digital Forensics Optimised Malware Detection in Digital Forensics
Optimised Malware Detection in Digital Forensics
 
A SURVEY ON TECHNIQUES REQUIREMENTS FOR INTEGRATEING SAFETY AND SECURITY ENGI...
A SURVEY ON TECHNIQUES REQUIREMENTS FOR INTEGRATEING SAFETY AND SECURITY ENGI...A SURVEY ON TECHNIQUES REQUIREMENTS FOR INTEGRATEING SAFETY AND SECURITY ENGI...
A SURVEY ON TECHNIQUES REQUIREMENTS FOR INTEGRATEING SAFETY AND SECURITY ENGI...
 
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...
 
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...Network Intrusion Detection And Countermeasure Selection In Virtual Network (...
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...
 
Modification data attack inside computer systems: A critical review
Modification data attack inside computer systems: A critical reviewModification data attack inside computer systems: A critical review
Modification data attack inside computer systems: A critical review
 

Recently uploaded

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call Girls in Kolkata Samaira đŸ€Œ 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira đŸ€Œ  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira đŸ€Œ  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira đŸ€Œ 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >àŒ’8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >àŒ’8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >àŒ’8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >àŒ’8448380779 Escort ServiceDelhi Call girls
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...SofiyaSharma5
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 

Recently uploaded (20)

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call Girls in Kolkata Samaira đŸ€Œ 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira đŸ€Œ  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira đŸ€Œ  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira đŸ€Œ 8250192130 🚀 Vip Call Girls Kolkata
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >àŒ’8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >àŒ’8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >àŒ’8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >àŒ’8448380779 Escort Service
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 

Vulnerability Assessment LITERATURE REVIEW. doc

  • 1. LITERATURE REVIEW 2.1 Vulnerability Assessment Vulnerability assessment is a crucial aspect of ensuring network security, especially in the context of open access networks. In recent years, several tools have emerged to aid in the assessment of vulnerabilities on networks. This review focuses on the utilization and effectiveness of Nmap, Dmitry, Unicornscan, and Sparta in conducting vulnerability assessments on open access networks. Vulnerability assessment of open access networks in the context of cyber security involves evaluating the potential weaknesses and susceptibilities of these networks to cyber-attacks. It aims to identify vulnerabilities that could be exploited by malicious actors to compromise the security and integrity of the network. Vulnerability assessment is a process used to evaluate the susceptibility of a system or entity to potential harm or damage. It involves identifying and analyzing vulnerabilities, which are weaknesses or flaws that can be exploited by threats or hazards. The goal of vulnerability assessment is to understand the level of risk and develop strategies to mitigate or manage vulnerabilities (Frazier, 2012). According to Shinde & Ardhapurkar (2016), vulnerabilities are weaknesses or flaws in the system that could potentially lead to security breach. Adversaries find these vulnerabilities and exploit them as a means of compromising the system. Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE) and Broken Access Control are some examples of vulnerabilities. 2.1.2 Advantages of Vulnerability Assessment Firstly, vulnerability assessments help identify and mitigate potential security vulnerabilities in web applications. These assessments involve analyzing the application's code, configuration, and architecture to identify weaknesses that could be exploited by attackers. 
By identifying these vulnerabilities, organizations can take proactive measures to patch or fix them, thereby reducing the risk of successful attacks (Correa et al., 2021). Secondly, vulnerability assessments provide insights into the resiliency of web applications against specific types of attacks. For example, the study by introduces the business-layer dynamic application security tester (BLDAST), which evaluates the resiliency of web applications against denial-of-service (DoS) attacks (Alidoosti et al., 2019). By simulating such attacks, vulnerability assessments can determine how well a web application can withstand and recover from these attacks, allowing organizations to strengthen their defenses accordingly. Thirdly, vulnerability assessments can help prioritize security efforts and allocate resources effectively. By identifying the most critical vulnerabilities, organizations can focus their attention on addressing these issues first, ensuring that limited resources are utilized efficiently. This prioritization can be based on the severity of vulnerabilities, as demonstrated in the study by , which found that some websites had high-severity vulnerabilities such as SQL injection and cross-site scripting (Elisa, 2017).
  • 2. Fourthly, vulnerability assessments can contribute to improving the overall usability and accessibility of web applications. The study by suggests that addressing web security vulnerabilities can enhance the usability and accessibility of e-government websites in Tanzania (Elisa, 2017). By ensuring the security of web applications, organizations can provide a safer and more user-friendly experience for their users. Fiftly, vulnerability assessments can be supported by visualization techniques, as highlighted in the research by (Sönmez & Kiliç, 2021). Visualizations can help in understanding and interpreting the results of vulnerability assessments, making it easier for stakeholders to comprehend the security posture of web applications. This can facilitate decision-making processes and enable effective communication between security teams and other stakeholders. 2.1.2 DisAdvantages of Vulnerability Assessment Vulnerability assessment of websites is an important process for identifying and addressing security weaknesses. However, there are several disadvantages associated with vulnerability assessments. One major disadvantage is the high prevalence of vulnerabilities found in assessed websites. A study conducted in Tanzania found that 50.6% of assessed websites had one or more high-severity vulnerabilities, such as SQL injection or cross-site scripting (XSS), while 64.5% had one or more medium- severity vulnerabilities, such as cross-site request forgery or denial of service (Elisa, 2017). This indicates that a significant number of websites are susceptible to attacks, highlighting the need for vulnerability assessments. Another disadvantage is the challenge of collecting and integrating large quantities of heterogeneous data for reliable estimations. Vulnerability assessments require the collection and synthesis of various types of data, which can be time-consuming and complex (Rufat, 2012). 
The neglect of significant interactions between indicators can also limit the effectiveness of vulnerability analysis (Rufat, 2012). Therefore, vulnerability assessments may not fully capture the complexity of vulnerabilities and their interactions. Furthermore, vulnerability assessments may not address all vulnerabilities, particularly those targeting specific groups or contexts. A study focusing on contract cheating websites targeting doctoral students found that these websites exploit distinct vulnerabilities of doctoral students through persuasive language features (Kelly & Stevenson, 2021). This highlights the need for a comprehensive understanding of vulnerabilities specific to different user groups and contexts. Additionally, vulnerability assessments may face challenges in quantifying certain vulnerabilities. Some vulnerabilities are difficult to quantify, making it challenging to accurately assess their impact (Rufat, 2012). This can limit the effectiveness of vulnerability assessments in providing a complete picture of the security risks faced by websites.
2.2 Penetration testing
Penetration testing, also known as pentesting, is a crucial methodology used to evaluate the security of computer systems and networks (Chu & Lisitsa, 2018). Traditional pentesting methods rely heavily on domain expert knowledge and require significant human effort, resulting in high costs. Automation can greatly enhance the efficiency, availability, and cost-effectiveness of penetration testing (Chu & Lisitsa, 2018).

The complexity of network penetration and the diverse range of penetration methods pose challenges for traditional analysis approaches, which often focus on a single method or on one part of the penetration process (Zheng et al., 2020). To address this, researchers have proposed an interpretive visual analysis approach to characterize and summarize the penetration testing process. This approach can improve researchers' comprehension of penetration testing and contribute to the development of network security technologies (Zheng et al., 2020).

Penetration testing plays a crucial role in securing networks and identifying security vulnerabilities (Denis et al., 2016). In a study investigating different aspects of penetration testing, including tools, attack methodologies, and defense strategies, researchers conducted various penetration tests using private networks, devices, and virtualized systems (Denis et al., 2016). These tests help highlight security issues and inform the development of effective defense strategies.

The distinction between an attacker and a penetration tester lies in the legality of their actions (Chu & Lisitsa, 2018). While both probe the security of computer systems and networks through simulated attacks, a penetration test is conducted within legal and ethical boundaries, with authorization from the system owner and an agreed scope. The goal is to identify vulnerabilities and provide recommendations for improving security, rather than to cause harm or gain unauthorized access (Chu & Lisitsa, 2018).
Visual analysis of penetration testing has gained attention in recent years, with a focus on analyzing network penetration events and activities (Zheng et al., 2020). However, there is still a need for systematic research in visualizing the entire process of penetration testing and analyzing its main characteristics (Zheng et al., 2020). This research can contribute to a deeper understanding of network penetration activities and facilitate the exploration of new attack technologies.

2.2.1 The History of Penetration Testing
In the 1960s, when multiple users started sharing the same computing resources, the risks of this sharing led the IT industry to recognize the need for computer security (Mamilla, 2021). In 1965, at a conference on computer system security, the use of penetration testing was formally suggested (Mamilla, 2021). In the 1970s the US Department of Defense (DoD) sponsored the “tiger teams” (Mamilla, 2021). “Tiger teams were government and industry-sponsored teams of crackers who attempted to break down the defense of computer systems to uncover, and eventually patch, security holes” (Russell & Gangemi, 1991, p. 29). Although these tiger teams were able to uncover some vulnerabilities, it soon became apparent that the method had many flaws: it could not prevent a second penetration attack, and it was unreliable because each new team found new vulnerabilities. A more rigorous approach than tiger teams was needed (Mamilla, 2021).

It was James P. Anderson who introduced “reference monitors” in the Computer Security Technology Planning Study (Mamilla, 2021). A reference monitor “enforces the authorized access relationships between subjects and objects of a system” (Russell & Gangemi, 1991, p. 30). Reference monitors led to the development of standards and technologies for secure systems. Hunt (2012) points out that, after researching and analyzing the security of a resource-sharing system at the Pentagon, Anderson described a penetration attack in steps:
1. Find an exploitable vulnerability.
2. Design an attack around it.
3. Test the attack.
4. Seize a line in use for ACS operations.
5. Enter the attack.
6. Exploit the entry for information recovery.
This was the first technique used to assess the security of resource-sharing computer systems (Mamilla, 2021).

In 1993, the paper “Improving the Security of Your Site by Breaking into It” was written by Dan Farmer of Sun Microsystems and Wietse Venema of Eindhoven University of Technology. The paper describes the “uebercracker”, a hacker who writes his own attack programs instead of using existing scripts, which makes him harder to detect and therefore a very serious threat to security (Mamilla, 2021). Farmer and Venema further argued that a system's owner must learn to test his own system by thinking of himself as such an attacker; this was the basis for penetration testing. In 2003, the Open Web Application Security Project (OWASP) introduced its Testing Guide, which contained the first framework for penetration testing.
In 2014, version 4 of the OWASP Testing Guide was released with improvements over the previous versions (Mamilla, 2021).

2.2.2 Penetration Test Objectives
The objectives of penetration testing are multifaceted. A clear understanding of its primary aims is needed for it to be implemented successfully and to deliver the desired results. The goal of a penetration test is to verify the effectiveness of the security measures an organization has taken to protect its systems; it does so by discovering vulnerabilities through an attack simulated in the manner of a real adversary (Mamilla, 2021).
2.2.3 The Types of Penetration Testing
There are different types of penetration testing that can be conducted depending on the specific objectives and scope of the assessment. Some common types include:
1. Network Penetration Testing: This type of testing focuses on identifying vulnerabilities in network infrastructure, such as routers, switches, and firewalls. It aims to uncover weaknesses that could be exploited by attackers to gain unauthorized access to the network (Chu & Lisitsa, 2018).
2. Web Application Penetration Testing: Web applications are often targeted by attackers because of their potential vulnerabilities. Web application penetration testing involves assessing the security of web applications, including identifying flaws in authentication mechanisms, input validation, and session management (Chu & Lisitsa, 2018).
3. Wireless Network Penetration Testing: With the increasing use of wireless networks, it is essential to evaluate their security. Wireless network penetration testing involves assessing the security of wireless networks, including Wi-Fi networks, to identify vulnerabilities that could be exploited by unauthorized users (Ryan et al., 2017).
4. Social Engineering Penetration Testing: Social engineering involves manipulating individuals to gain unauthorized access to systems or sensitive information. Social engineering penetration testing assesses the effectiveness of an organization's security awareness and training programs by attempting to deceive employees and gain access to sensitive information (Chu & Lisitsa, 2018).
5. Physical Penetration Testing: Physical penetration testing evaluates the physical security measures in place, such as access controls, surveillance systems, and security guards. It aims to identify weaknesses that could allow unauthorized individuals to gain physical access to restricted areas (Chu & Lisitsa, 2018).
Each type of penetration testing requires specific tools, techniques, and expertise to effectively identify vulnerabilities and assess the security of the targeted systems or networks. Automation can play a significant role in streamlining the testing process and reducing the time and effort required (Chu & Lisitsa, 2018).

2.2.4 The Models of Penetration Testing
Penetration testing is a widely used method for assessing and evaluating the security of digital assets. It involves planning, generating, and executing possible attacks to discover and exploit vulnerabilities (Ghanem et al., 2022). Several models and frameworks have been proposed for conducting penetration testing in different contexts. One commonly referenced model is the four-stage model proposed by the National Institute of Standards and Technology (NIST) (Shen et al., 2011). This model consists of the following stages:
planning, discovery, attack, and reporting. In the planning stage, the objectives and scope of the penetration test are defined. The discovery stage involves gathering information about the target system or network. The attack stage involves attempting to exploit vulnerabilities and gain unauthorized access. Finally, in the reporting stage, the findings and recommendations are documented and communicated to the relevant stakeholders.

Another model that has been proposed is the model-based penetration test framework for web applications (Stepien et al., 2012). This framework integrates penetration testing into the software development life cycle and provides a repeatable, systematic, and cost-efficient approach. It uses the test specification language TTCN-3 as a modeling language for web penetration testing. The framework allows web penetration test campaigns to be generated from existing functional test cases.

In addition to these models, there are also models that focus on specific aspects of penetration testing. For example, there is a model that incorporates social engineering factors into the penetration test simulation environment (Li et al., 2022). This model integrates relevant security attributes and factors into the network graph model for penetration testing, allowing the interaction between the penetration tester and the target network to be expressed.

Furthermore, there is a model-driven penetration test framework for web applications that provides guidance and support to general testers who may not have in-depth security expertise (Xiong & Peyton, 2010). This framework consists of a penetration test methodology, a grey-box test architecture, a web security knowledge base, a test campaign model, and a knowledge base.

Another approach to penetration testing is the use of reinforcement learning (RL) to make the process more intelligent and efficient (Ghanem et al., 2022).
This approach treats penetration testing tasks as partially observable Markov decision processes (POMDPs) and uses RL algorithms to identify the most efficient options for conducting the tests. Overall, there are various models and frameworks for conducting penetration testing, each with its own focus and approach. These models provide guidance and structure to the penetration testing process, allowing for a systematic and efficient assessment of the security of digital assets.

2.2.5 Penetration Testing Processes
There are many different processes for penetration testing; a specific process is chosen depending on the needs of the entity that requires the test. According to Thorsen, Nufryk & Taylor (2019), there are eight phases in a traditional penetration testing process (Mamilla, 2021):
Phase 1: Planning. This is the first step in the penetration testing process, and the scope of the pen test is defined here. Tiller (2011) stated that the scope and scale of the test are decided based on factors such as existing security policies, culture, laws and regulations, best practices and industry requirements. This is a very important step because it defines the entire test and guides its deliverables (Mamilla, 2021).
Phase 2: Reconnaissance. This is the information gathering stage, in which the pen tester gathers all the information he can about the organization or the system to be tested, in the expectation that it will be useful during the attack. Information gathering can be passive or deliberate (active). Passive information gathering collects publicly available information; deliberate information gathering detects vulnerabilities by scanning ports (Thorsen, Nufryk & Taylor, 2019).
Phase 3: Scanning. Also known as vulnerability scanning, this is the stage in which the pen tester uses scanning tools to look for vulnerabilities in the target system (Thorsen, Nufryk & Taylor, 2019).
Phase 4: Gaining Access. Using the knowledge gained from reconnaissance and exploiting the vulnerabilities discovered by scanning, the pen tester starts attacking the target system to gain access to it (Thorsen, Nufryk & Taylor, 2019).
Phase 5: Maintaining Access. Once the pen testers have gained access to the system in the previous stage, they use various mechanisms to keep that access (Thorsen, Nufryk & Taylor, 2019).
Phase 6: Covering Tracks. Pen testers cover their own tracks by deleting the evidence that they were ever inside the system (Thorsen, Nufryk & Taylor, 2019).
Phase 7: Analysis. In this stage, pen testers analyze all the information acquired during the testing process together with the vulnerabilities discovered, and suggest remediation measures to counteract them (Thorsen, Nufryk & Taylor, 2019).
Phase 8: Reporting.
This is the stage in which all the information collected in the previous stages is formally reported to the company's stakeholders. The report usually covers the vulnerabilities discovered, the sensitive data accessed, the time taken for the pen test and the suggested remediation.

2.2.6 Penetration testing tools
To perform penetration testing effectively, various tools and techniques are available. This paper discusses some of the commonly used penetration testing tools and their applications.

Kali Linux
One widely used operating system for penetration testing is Kali Linux. Kali Linux is a complete platform that provides a wide range of advanced tools for penetration testing and security testing (Kasapović & Skejić, 2021). It is specifically designed for ethical hacking and includes tools for network reconnaissance, vulnerability scanning, password cracking, and more (Kasapović & Skejić, 2021). Kali Linux is known for its extensive collection of pre-installed tools, making it a popular choice among penetration testers (Carranza et al., 2018). It offers a user-friendly interface and supports both command-line and graphical tools, making it suitable for both beginners and experienced professionals (Kasapović & Skejić, 2021).

Parrot OS
Another operating system commonly used for penetration testing is Parrot OS. Parrot OS is a lightweight and secure Linux distribution designed for ethical hacking, penetration testing, and digital forensics ("Operating Systems for Ethical Hackers - A Platform Comparison of Kali Linux and Parrot OS", 2021). It provides a wide range of tools for network analysis, vulnerability assessment, and exploitation ("Operating Systems for Ethical Hackers - A Platform Comparison of Kali Linux and Parrot OS", 2021). Parrot OS is known for its focus on privacy and security, with built-in features such as sandboxing and anonymous browsing ("Operating Systems for Ethical Hackers - A Platform Comparison of Kali Linux and Parrot OS", 2021).
It also offers a user-friendly interface and supports both command-line and graphical tools ("Operating Systems for Ethical Hackers - A Platform Comparison of Kali Linux and Parrot OS", 2021).

Aircrack-ng
In addition to operating systems, there are several specific tools that are commonly used in penetration testing. Aircrack-ng is a popular open-source suite for wireless network penetration testing (Carranza et al., 2018). It is used to assess the security of wireless networks by capturing packets, cracking encryption keys, and performing various attacks (Carranza et al., 2018).

Reaver
Reaver is another tool used for wireless penetration testing, specifically targeting WPS (Wi-Fi Protected Setup) vulnerabilities (Carranza et al., 2018).

Kismet
Kismet is a wireless network detector, sniffer, and intrusion detection system used for monitoring and analyzing wireless networks (Carranza et al., 2018).

Metasploit
Metasploit is a powerful framework for penetration testing and vulnerability assessment (Sigholm et al., 2019). It provides a wide range of tools and modules for exploiting vulnerabilities, conducting post-exploitation activities, and generating reports (Sigholm et al., 2019). Metasploit is widely used by penetration testers and security professionals for testing the security of networks, systems, and applications (Sigholm et al., 2019). It supports both manual and automated exploitation techniques and offers a comprehensive set of features for penetration testing (Sigholm et al., 2019).

Shodan
Shodan is a search engine that allows users to discover and analyze Internet-connected devices (Fernández-Caramés & Fraga-Lamas, 2020). It can be used for vulnerability assessment and penetration testing of IoT (Internet of Things) devices (Fernández-Caramés & Fraga-Lamas, 2020). Shodan provides information about open ports, services, and vulnerabilities associated with specific devices or networks (Fernández-Caramés & Fraga-Lamas, 2020). It can be used to identify potential security weaknesses in IoT devices and assess their security configurations (Fernández-Caramés & Fraga-Lamas, 2020).

2.2.7 Penetration Testing vs. Vulnerability Assessment
The major topic of this essay is vulnerability assessment, but vulnerability assessment and penetration testing are frequently confused. Although the two concepts are similar, penetration testing places greater emphasis on gaining access and extracting as much information as possible, whereas vulnerability assessment focuses on finding the areas that are susceptible to a computer attack.
An automated vulnerability scanner will frequently report potential flaws based on service banners or other network replies, and those replies can be deceptive. A penetration test is similar to other tests in that it samples from the set of potential systems and configurations. Unless the contractor is hired to test a single system, they will not be able to find and exploit every potential flaw on every potential system; any penetration test is therefore a sample of the environment. Additionally, most testers will start with the easier targets before dealing with harder system configurations, so as to locate a weakness first and then go deeper into it.
2.3 Network Scanning
Network scanning is a crucial component of vulnerability assessment and penetration testing. It involves the use of specialized tools and techniques to assess the security of a computer network by identifying and analyzing potential vulnerabilities. The overall process typically consists of three main steps: network scanning, vulnerability scanning, and vulnerability analysis (Holm et al., 2011).

During network scanning, the architecture of the network is examined to identify potential entry points and vulnerabilities. This includes scanning for open ports, the services listening on them, and the devices connected to the network. Network scanning produces a map of the network and provides information about its structure and potential weaknesses (Holm et al., 2011).

Vulnerability scanning is the next step, in which specific tools scan the network for known vulnerabilities. These tools compare the network's configuration and software versions against a database of known vulnerabilities to identify potential security weaknesses. Vulnerability scanning can be performed as an authenticated or an unauthenticated scan: an authenticated scan logs in to the target hosts with supplied credentials and can inspect installed software and configuration directly, while an unauthenticated scan has no credentials and must infer everything from what the hosts expose over the network (Holm et al., 2011).

Once vulnerabilities are identified through vulnerability scanning, the next step is vulnerability analysis. This involves assessing the severity and potential impact of each vulnerability. The analysis helps prioritize vulnerabilities by risk level and provides recommendations for remediation. Vulnerability analysis also involves understanding the root causes of vulnerabilities and identifying any underlying issues in the network's configuration or software (Holm et al., 2011).
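The network-scanning step above (and the scanning phase of the eight-phase process in 2.2.5), as an added example that is not code from the page or from any of the tools it lists: a TCP connect scan with banner grabbing, written in Python so that it runs offline against a throwaway listener the script starts itself on 127.0.0.1. The listener, its ephemeral port, the banner string SSH-2.0-OpenSSH_5.3 and the pre-7.0 threshold in needs_manual_review() are all constructed for the illustration. The point it makes is the one from 2.2.7 and this section: the scanner establishes that a port accepts connections and what the peer says about itself, nothing more. The listener here is not an SSH server; it only claims to be one, which is exactly why a banner-based finding needs manual confirmation.

```python
"""TCP connect scan with banner grabbing against a throwaway local listener.

Added example for the scanning step; not code from the page or from any tool
it lists. Everything here is constructed: the listener, its ephemeral port on
127.0.0.1, the banner it sends and the pre-7.0 threshold in needs_manual_review().
"""
import re
import socket
import threading
from typing import Dict, Iterable, Optional, Tuple

# Constructed banner: the listener is not an SSH server, it only says it is.
FAKE_BANNER = b"SSH-2.0-OpenSSH_5.3\r\n"


def start_fake_service(banner: bytes = FAKE_BANNER) -> Tuple[socket.socket, int]:
    """Listen on an ephemeral loopback port and send `banner` to every client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def connect_scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """Full TCP handshake per port (what nmap -sT does); returns {open_port: banner}.

    A refused or timed-out connect is skipped, so closed and filtered ports are
    not told apart here: one of the gaps the tester has to fill by hand.
    """
    found: Dict[int, str] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:
                    data = s.recv(256)   # whatever the service volunteers first
                except OSError:          # silent service: open, but no banner
                    data = b""
        except OSError:
            continue
        found[port] = data.decode("ascii", "replace").strip()
    return found


OPENSSH_VERSION = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def needs_manual_review(banner: str) -> Optional[str]:
    """Heuristic of this example: flag banners that claim OpenSSH older than 7.0.

    The banner is a string the peer chose. It can be faked, and a real daemon may
    carry backported fixes, so the return value is a lead for the tester, not a
    finding.
    """
    m = OPENSSH_VERSION.search(banner)
    if m and int(m.group(1)) < 7:
        return (f"banner claims OpenSSH {m.group(1)}.{m.group(2)} (pre-7.0): "
                "verify the real version before reporting anything")
    return None


if __name__ == "__main__":
    srv, port = start_fake_service()
    try:
        # Scan a small window around the fake service; ports that do not
        # accept a connection are simply absent from the result.
        hits = connect_scan("127.0.0.1", range(port - 2, port + 3))
        for p, banner in sorted(hits.items()):
            print(f"{p}/tcp open  banner={banner!r}")
            print("   ->", needs_manual_review(banner) or "no banner heuristic matched")
    finally:
        srv.close()
```

Run directly, the script lists the fake service as open with its claimed banner and the review note; swapping the banner for a current version string makes the note disappear, although the listener behind it has not changed at all. That gap between what is reported and what is true is what the vulnerability-analysis step exists to close.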
According to Wack, Tracy & Souppaya (2003), network scanning involves the use of a port scanner to identify all the active hosts, open ports, switches and routers in an address range (Mamilla, 2021). Operating system fingerprinting uses the open ports and response characteristics discovered by the scanning tools to identify the target operating system (Mamilla, 2021). However, OS fingerprinting does not always give the correct answer, because system administrators can use mechanisms such as firewall filters to disguise the real operating system (Mamilla, 2021). Although port scanners are fully automated, they do not identify vulnerabilities by themselves; only the pen tester, by interpreting and analyzing the scan results, can identify vulnerabilities (Mamilla, 2021).

Table 1. List of Network Scanning Tools
Scanning Tool           | Description of the Tool                                                                                                                              | Cost of the Tool
------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------
Nmap                    | Port scanning tool used to discover active hosts and scan for open ports (Wack, Tracy & Souppaya, 2003).                                            | Free
OpenVAS                 | Open Vulnerability Assessment System, an open-source software framework for vulnerability management and scanning (Thorsen, Nufryk & Taylor, 2019). | Free
Dmitry                  | Command-line information-gathering tool (whois, subdomain and e-mail search) with a TCP port scanner (“Kali Linux”, n.d.).                          | Free
Unicornscan             | Asynchronous port scanner for TCP and UDP scanning (“Kali Linux”, n.d.).                                                                           | Free
Sparta                  | GUI front end to Nmap and other tools that scans networks to identify the available hosts (“Kali Linux”, n.d.).                                     | Free
Netcat                  | Popularly known as the Swiss army knife of the security engineer; a port scanner that is also used for reading and writing data across the network (Wilson, 2021). | Free
SolarWinds Port Scanner | Scanning tool that generates a list of open, closed and filtered ports for an IP address (“Free port”, n.d.).                                        | Free 30-day trial
Angry IP Scanner        | Scanning tool that scans ports and IP addresses; runs on Linux, Windows and Mac OS X (“Angry IP”, n.d.).                                             |
ManageEngine OpUtils    | Port scanning tool that also provides network address monitoring and administration tools (Wilson, 2021).                                           | Free trial

2.3.1 Nmap scanning of network for vulnerability
Nmap (Network Mapper) is a widely used open source program for network scanning and vulnerability assessment (Fuentes-García et al., 2021). It is a multi-platform tool that can be used to evaluate the security of operating systems by discovering vulnerabilities and providing information about open ports and services (Fuentes-García et al., 2021; Renato & Maria, 2015). Nmap can be used to determine active computers, identify listening ports, perform vulnerability scanning, and gather information about the operating system (Renato & Maria, 2015; Syahab, 2023). It supports various types of scans, including TCP and UDP scans (Renato & Maria, 2015).

Nmap is often used in combination with other tools for vulnerability scanning and network security monitoring. For example, in a study on network security monitoring, Nmap was used alongside other tools to assess the present and future of network security monitoring (Fuentes-García et al., 2021). Another study focused on university computer network vulnerability management and used Nmap for information gathering, while Nexpose was used for vulnerability scanning ("University Computer Network Vulnerability Management using Nmap and Nexpose", 2021). The combination of Nmap and Nexpose allowed for effective vulnerability detection in the network ("University Computer Network Vulnerability Management using Nmap and Nexpose", 2021).

The performance of Nmap in vulnerability management systems can be optimized by combining benchmarking and scenario planning models (Basuki & Adriansyah, 2023). This approach improves the response time and accuracy of the vulnerability management system, reducing the level of damage caused by cyber-attacks (Basuki & Adriansyah, 2023). Masscan, a network scanning tool, can achieve response times of less than 2 seconds when scanning a subnet for open ports (Basuki & Adriansyah, 2023). Nmap, on the other hand, can achieve response times of less than 4 seconds when used for scenario planning and detection on a single host (Basuki & Adriansyah, 2023). In the field of information security, vulnerability scanning plays a crucial role in identifying weaknesses in a network (Basuki & Adriansyah, 2023). It helps in discovering vulnerabilities and determining their locations on the network (Basuki & Adriansyah, 2023).
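What the tester does with Nmap's output once the scan has run, as an added example (not the page's code and not part of Nmap): a parser for the XML that nmap -oX writes, followed by a triage pass that turns the facts Nmap reports (open or filtered state, whether the service name came from a probe or only from the port-number table, the OS fingerprint and its accuracy) into items for manual review. SAMPLE_NMAP_XML is a constructed document for the documentation address 192.0.2.10; the element and attribute names follow Nmap's real XML output, the values are made up, and CLEARTEXT_SERVICES is this example's own review list, not an Nmap feature. Nothing the triage produces is a confirmed vulnerability; each item states what still has to be checked by hand.

```python
"""Parse Nmap XML output (-oX) and triage it for manual review.

Added example, not from the page or from the Nmap project. SAMPLE_NMAP_XML is a
constructed scan of the documentation address 192.0.2.10: attribute names follow
the real Nmap XML schema, the values are invented. CLEARTEXT_SERVICES is this
example's own review list.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

SAMPLE_NMAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.0.2.10" version="7.94">
<host>
  <status state="up" reason="echo-reply"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
      <service name="ftp" product="vsftpd" version="3.0.3" method="probed" conf="10"/></port>
    <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
      <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
    <port protocol="tcp" portid="23"><state state="open" reason="syn-ack"/>
      <service name="telnet" method="table" conf="3"/></port>
    <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
      <service name="http" product="Apache httpd" version="2.4.57" method="probed" conf="10"/></port>
    <port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/>
      <service name="microsoft-ds" method="table" conf="3"/></port>
  </ports>
  <os><osmatch name="Linux 4.15 - 5.6" accuracy="94"/></os>
</host>
</nmaprun>
"""

# Protocols that carry logins or data unencrypted: worth a look on any
# open-access network regardless of the version banner.
CLEARTEXT_SERVICES = {"ftp", "telnet", "rlogin", "rsh", "pop3", "imap", "smtp"}


def parse_nmap_xml(xml_text: str) -> List[Dict]:
    """Flatten an Nmap -oX document into one dict per host."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            ports.append({
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "unknown",
                "reason": state.get("reason") if state is not None else None,
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                # "probed": Nmap talked to the service; "table": guessed from the port number
                "method": svc.get("method") if svc is not None else None,
                "conf": int(svc.get("conf", "0")) if svc is not None else 0,
            })
        osmatch = host.find("os/osmatch")
        hosts.append({
            "addr": addr_el.get("addr") if addr_el is not None else None,
            "ports": ports,
            "os_guess": osmatch.get("name") if osmatch is not None else None,
            "os_accuracy": int(osmatch.get("accuracy")) if osmatch is not None else None,
        })
    return hosts


def triage(hosts: List[Dict]) -> List[Dict]:
    """Turn scan facts into review items; none of them is a confirmed vulnerability."""
    items = []
    for h in hosts:
        if h["os_guess"] is not None:
            items.append({"addr": h["addr"], "port": None, "service": None, "kind": "os_guess",
                          "note": f"OS fingerprint '{h['os_guess']}' at {h['os_accuracy']}%: "
                                  "a guess from stack behaviour; filters and hardening skew it"})
        for p in h["ports"]:
            base = {"addr": h["addr"], "port": p["port"], "service": p["service"]}
            if p["state"] == "filtered":
                items.append({**base, "kind": "filtered",
                              "note": f"no answer ({p['reason']}): a filter is in the way and "
                                      "the scanner cannot see what is behind it"})
                continue
            if p["state"] != "open":
                continue
            if p["method"] != "probed":
                items.append({**base, "kind": "unverified",
                              "note": f"service name taken from the port table (conf {p['conf']}), "
                                      "not from a probe; confirm what is really listening"})
            if p["service"] in CLEARTEXT_SERVICES:
                items.append({**base, "kind": "cleartext",
                              "note": "unencrypted protocol; credentials and data are readable on the wire"})
    return items


if __name__ == "__main__":
    for item in triage(parse_nmap_xml(SAMPLE_NMAP_XML)):
        where = f"{item['addr']}:{item['port']}" if item["port"] else item["addr"]
        print(f"[{item['kind']:10}] {where:20} {item['note']}")
```

On the constructed sample the pass yields five items: the OS guess, port 21 (ftp, cleartext), port 23 twice (service name only guessed from the port table, and telnet is cleartext) and port 445 (filtered). Port 22 and port 80 produce nothing, which is the right outcome for a triage pass: whether OpenSSH 8.9p1 or Apache httpd 2.4.57 carries an exploitable flaw is a question for the vulnerability-scanning and analysis steps, not something a port scan can settle.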
By scanning the network, organizations can prioritize the mitigation of vulnerabilities and implement appropriate security measures ("University Computer Network Vulnerability Management using Nmap and Nexpose", 2021). Scanning tools like Nmap assist in this process by providing valuable information about the network's security posture (Llanso et al., 2017). While Nmap is a powerful tool for vulnerability scanning, it is important to note that automated scanning may not accurately identify all vulnerabilities present in computer networks (Holm et al., 2011). Manual effort is often needed to complement automated scanning and ensure satisfactory accuracy in identifying network security problems (Holm et al., 2011). Additionally, vulnerability scanning should be part of a comprehensive vulnerability management framework that includes regular scanning, assessment of scan results, and timely resolution of identified vulnerabilities ("University Computer Network Vulnerability Management using Nmap and Nexpose", 2021).

In summary, Nmap is a versatile and widely used tool for network scanning and vulnerability assessment. It can be used to discover vulnerabilities, gather information about open ports and services, and assess the security of operating systems. Nmap is often used in combination with other tools for vulnerability scanning and network security monitoring, and its performance can be optimized by combining benchmarking and scenario planning models. However, automated scanning may not identify all vulnerabilities, and manual effort is often needed to complement automated scanning. Vulnerability scanning should be part of a comprehensive vulnerability management framework to ensure the security of computer networks.

References
Frazier, T. (2012). Selection of Scale in Vulnerability and Resilience Assessments. Journal of Geography & Natural Disasters, 3(2). https://doi.org/10.4172/2167-0587.1000e108
Shinde, P. S., & Ardhapurkar, S. B. (2016, February). Cyber security analysis using vulnerability assessment and penetration testing. In 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave) (pp. 1-5). IEEE.
Correa, R., Higuera, J., Dagdeviren, Z., Sicilia, J., Rubio, M., & Magreñán, Á. (2021). Hybrid Security Assessment Methodology for Web Applications. Computer Modeling in Engineering & Sciences, 126(1), 89-124. https://doi.org/10.32604/cmes.2021.010700
Alidoosti, M., Nowroozi, A., & Nickabadi, A. (2019). Evaluating the Web-Application Resiliency to Business-Layer DoS Attacks. ETRI Journal, 42(3), 433-445. https://doi.org/10.4218/etrij.2019-0164
Elisa, N. (2017). Usability, Accessibility and Web Security Assessment of E-Government Websites in Tanzania. International Journal of Computer Applications, 164(5), 42-48. https://doi.org/10.5120/ijca2017913632
Sönmez, F., & Kiliç, B. (2021). Holistic Web Application Security Visualization for Multi-Project and Multi-Phase Dynamic Application Security Test Results. IEEE Access, 9, 25858-25884. https://doi.org/10.1109/access.2021.3057044
Rufat, S. (2012). Spectroscopy of Urban Vulnerability. Annals of the Association of American Geographers, 103(3), 505-525. https://doi.org/10.1080/00045608.2012.702485
Kelly, A., & Stevenson, K. (2021). Students Pay the Price: Doctoral Candidates Are Targeted by Contract Cheating Websites. International Journal of Doctoral Studies, 16, 363-377. https://doi.org/10.28945/4757
Chu, G., & Lisitsa, A. (2018). Poster: Agent-Based (BDI) Modeling for Automation of Penetration Testing. https://doi.org/10.1109/pst.2018.8514211
Denis, M., Zena, C., & Hayajneh, T. (2016). Penetration Testing: Concepts, Attack Methods, and Defense Strategies. https://doi.org/10.1109/lisat.2016.7494156
Zheng, S., Wu, Y., Wang, S., Wei, Y., Mu, D., He, H., & Chen, H. (2020). PTVis: Visual Narrative and Auxiliary Decision to Assist in Comprehending the Penetration Testing Process. IEEE Access, 8, 194523-194540. https://doi.org/10.1109/access.2020.3033391
Mamilla, S. R. (2021). A Study of Penetration Testing Processes and Tools.
Ryan, J., MacCartney, G., & Rappaport, T. (2017). Indoor Office Wideband Penetration Loss Measurements at 73 GHz. https://doi.org/10.1109/iccw.2017.7962662
Ghanem, M., Chen, T., & Nepomuceno, E. (2022). Hierarchical Reinforcement Learning for Efficient and Effective Automated Penetration Testing of Large Networks. Journal of Intelligent Information Systems, 60(2), 281-303. https://doi.org/10.1007/s10844-022-00738-0
Li, Y., Wang, Y., Xiong, X., Zhang, J., & Yao, Q. (2022). An Intelligent Penetration Test Simulation Environment Construction Method Incorporating Social Engineering Factors. Applied Sciences, 12(12), 6186. https://doi.org/10.3390/app12126186
Shen, L., Liang, X., Bo, Y., & Xia, C. (2011). Automatic Generation for Penetration Testing Scheme Analysis Model for Network. https://doi.org/10.1109/iccis.2011.102
Stepien, B., Peyton, L., & Xiong, P. (2012). Using TTCN-3 as a Modeling Language for Web Penetration Testing. https://doi.org/10.1109/icit.2012.6210016
Xiong, P., & Peyton, L. (2010). A Model-Driven Penetration Test Framework for Web Applications. https://doi.org/10.1109/pst.2010.5593250
Holm, H., Sommestad, T., Almroth, J., & Persson, M. (2011). A Quantitative Evaluation of Vulnerability Scanning. Information Management & Computer Security, 19(4), 231-247. https://doi.org/10.1108/09685221111173058
(2021). University Computer Network Vulnerability Management Using Nmap and Nexpose. International Journal of Advanced Trends in Computer Science and Engineering, 10(6), 3084-3090. https://doi.org/10.30534/ijatcse/2021/021062021
Basuki, A., & Adriansyah, A. (2023). Response Time Optimization for Vulnerability Management System by Combining the Benchmarking and Scenario Planning Models. International Journal of Electrical and Computer Engineering (IJECE), 13(1), 561. https://doi.org/10.11591/ijece.v13i1.pp561-570
Fuentes-García, M., Camacho, J., & Maciá-Fernández, G. (2021). Present and Future of Network Security Monitoring. IEEE Access, 9, 112744-112760. https://doi.org/10.1109/access.2021.3067106
Llanso, T., McNeil, M., Pearson, D., & Moore, G. (2017). BluGen: An Analytic Framework for Mission-Cyber Risk Assessment and Mitigation Recommendation. https://doi.org/10.24251/hicss.2017.724
Renato, C., & Maria, N. (2015). Technologies' Application, Rules, and Challenges of Information Security on Information and Communication Technologies. https://doi.org/10.1109/apcase.2015.74
Syahab, N. (2023). Analisis Audit Keamanan Informasi Website Menggunakan Metode Network Mapper dan Qualys SSL [Information security audit analysis of a website using the Network Mapper and Qualys SSL methods]. Jurnal Manajemen Informatika dan Sistem Informasi, 6(1), 39-47. https://doi.org/10.36595/misi.v6i1.742