
SEC7001

Cloud and Network Security


Master’s Project
Prepared by SAMAD TOYIN M.Sc. (Hons)

COMPARATIVE ANALYSIS OF SECURITY VULNERABILITY SCANNERS (NESSUS AND OpenVAS) IN CLOUD ENVIRONMENT

School of Arts and Creative Technologies

SUPERVISOR NAME: IHSAN, MANSOOR

A report submitted in the partial fulfilment for the MSc degree in
Cloud and Network Security

September 2023

The University of Bolton


Deane Road, Bolton, BL3 5AB
http://www.bolton.ac.uk

Master’s Thesis
Main Report

ABSTRACT
As cloud computing continues to gain prominence in modern IT infrastructure,
ensuring the security of cloud-based systems becomes a critical concern.
Vulnerability scanning plays a pivotal role in identifying security weaknesses and
potential threats within cloud environments. This thesis compares two popular
vulnerability scanners, Nessus, and OpenVAS, specifically tailored for the cloud
environment. This research aims to evaluate and compare the effectiveness,
performance, and feature sets of Nessus and OpenVAS in identifying
vulnerabilities within cloud-based systems.

Both scanners were evaluated for their effectiveness and accuracy in detecting
known vulnerabilities. Nessus and OpenVAS exhibited competency in identifying
these vulnerabilities, showcasing their relevance in safeguarding cloud
environments from prevalent risks.

Keywords: Cloud Computing, Vulnerability Scanning, Nessus, OpenVAS,
Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring
System (CVSS), Vulnerability Management

University of Bolton 1

ACKNOWLEDGEMENTS

I am deeply grateful to have the privilege to express my heartfelt appreciation to
the individuals and institutions that have played an integral role in the completion
of my MSc dissertation in the Cloud and Network Security Department at the
University of Bolton.

First and foremost, I extend my sincere gratitude to my dedicated supervisor,
Ihsan, Mansoor and my Moodle guide Dr Thaier Hamid, whose expert guidance,
unwavering support, and insightful feedback have been pivotal in shaping the
trajectory of this research.

My heartfelt appreciation goes to my parents, Mr. and Mrs. Toyin for their
boundless encouragement, unwavering belief in my abilities, and the constant
motivation that propelled me forward during challenging times.

I am deeply grateful to CSP. AKA Shittu and Opeyemi Oriola for their generous
financial assistance. Your contributions alleviated the financial burden and
allowed me to fully immerse myself in my studies, focusing on the research that
has led to this dissertation.

To my friends who stood by me, Davison Isesele, Austin Orumwense and Musa
Rukayat: your unwavering camaraderie, engaging discussions, and moral
support have been a source of positivity and inspiration.


Table of Contents
List of Tables
List of Appendices
List of Abbreviations
CHAPTER 1. Introduction
Background and Context
Statement of the Problem
Research Aims and Objective
Relevance and Importance of the Research
Research Questions
Scope and Limitation of Study
Thesis Organisation
CHAPTER 2. Literature Review
Introduction
Literature Review References
Literature Review
Cloud Computing and Security Vulnerabilities
Security Vulnerability Scanners
Common Vulnerability Scoring System (CVSS)
CVSS-Based Severity
Overview of Nessus and OpenVAS
Nessus
OpenVAS
Comparative Analysis of Nessus and OpenVAS
Knowledge Gap
Summary
CHAPTER 3. Methodology
Research Design
Ethical Considerations
Research Philosophy
Cloud Environment Setup
Data Collection and Analysis
CHAPTER 4. Implementation
Cloud Environment Setup
Installation and Configuration of NESSUS
Installation and Configuration of OpenVAS
Scanning Policies and Configurations
Conducting Vulnerability Scans
Data Collection and Analysis
Challenges and Solutions
CHAPTER 5. Results and Discussion
Vulnerability Detection
Vulnerability Severity Classification
Scanning Duration
Support and Documentation
Reporting Capabilities
CHAPTER 6. Conclusion, Recommendation and Future Works
Conclusion
Recommendation
Future works
Reflection
References
BIBLIOGRAPHY
Appendix
Appendix A: Gantt Chart
Appendix B: Detailed Configuration Steps for Nessus
Appendix C: Detailed Configuration Steps for OpenVAS
Appendix D: Test Cases and Vulnerabilities Used in the Study
Appendix E: Scanning Results


LIST OF FIGURES
Figure 1-1 Vulnerability Scanner System Illustration
Figure 2-1 Threats in the Cloud Environment
Figure 2-2 How a vulnerability scanner works
Figure 2-3 OpenVAS vs. Nessus: Tabular Comparison (Hoffman, 2023)
Figure 3-1 Research Design
Figure 3-2 Implementation Flow Chart
Figure 3-3 Research Flow
Figure 4-1 Aws Account Setup
Figure 4-2 Virtual Private Cloud (VPC)
Figure 4-3 Subnet Configuration
Figure 4-4 Key Pair
Figure 4-5 Security Groups
Figure 4-6 Dashboard _ EC2 Management Console
Figure 4-7 EC2 Instances
Figure 4-8 Nessus Host OS
Figure 4-9 Nessus Initialisation
Figure 4-10 Nessus Account
Figure 4-11 Nessus Home
Figure 4-12 Nessus Scan Settings
Figure 4-13 Nessus Scan Credentials
Figure 4-14 Nessus Scan Type
Figure 4-15 Nessus Scan List
Figure 4-16 OpenVAS welcomes
Figure 4-17 OpenVAS SSL
Figure 4-18 OpenVAS Home
Figure 4-19 OpenVAS IP Target Config
Figure 4-20 OpenVAS SSH
Figure 4-21 OpenVAS Target Config
Figure 4-22 OpenVAS Task
Figure 4-23 Incoming / Outgoing Rules
Figure 4-24 AWS Bill
Figure 4-25 IAM Dashboard
Figure 5-1 Result by Number of Vulnerabilities
Figure 5-2 Pie Chart Comparison
Figure 5-3 Vulnerability Severity Classification
Figure 5-4 Scanning Duration
Figure 6-1 Nessus Download
Figure 6-2 Download
Figure 6-3 Download ls
Figure 6-4 Nessus Start
Figure 6-5 Nessus SSL
Figure 6-6 Nessus activation reg.
Figure 6-7 Nessus Login
Figure 6-8 Nessus Interface
Figure 6-9 OpenVas Login
Figure 6-10 Nessus Login
Figure 6-11 Nessus CVSS3
Figure 6-12 Nessus CVSS 2
Figure 6-13 Nessus CVSS 2b
Figure 6-14 OpenVAS Result 1
Figure 6-15 OpenVAS Result 2


LIST OF TABLES
Table 2-1 Table of References
Table 2-2 Common Vulnerability Scoring System (CVSS)
Table 2-3 CVSS-Based Severity
Table 2-4 Features Comparison
Table 5-1 Vulnerability Detected
Table 5-2 Vulnerability Severity Classification


LIST OF APPENDICES
Appendix A: Detailed Configuration Steps for Nessus
Appendix B: Detailed Configuration Steps for Nessus
Appendix C: Detailed Configuration Steps for OpenVAS
Appendix D: Test Cases and Vulnerabilities Used in the Study
Appendix E: Performance Metrics and Evaluation Results


LIST OF ABBREVIATIONS
API - APPLICATION PROGRAMMING INTERFACE

CLI - COMMAND LINE INTERFACE

CVE - COMMON VULNERABILITIES AND EXPOSURES

CVSS - COMMON VULNERABILITY SCORING SYSTEM

FTP - FILE TRANSFER PROTOCOL

GUI - GRAPHICAL USER INTERFACE

IDS - INTRUSION DETECTION SYSTEM

IOT - INTERNET OF THINGS

IP - INTERNET PROTOCOL

IPS - INTRUSION PREVENTION SYSTEM

IT - INFORMATION TECHNOLOGY

OS - OPERATING SYSTEM

SLA - SERVICE LEVEL AGREEMENT

SQL - STRUCTURED QUERY LANGUAGE

SSH - SECURE SHELL

VPN - VIRTUAL PRIVATE NETWORK


CHAPTER 1. INTRODUCTION

Background and Context


Scalability, efficiency, and flexibility are just a few advantages of the disruptive
technology known as cloud computing. However, the quick uptake of cloud
services has also given rise to fresh security issues. Organizations hosting their
applications and data in the cloud must protect their assets from various security
vulnerabilities. Vulnerability scanners play a crucial role in identifying and
mitigating these vulnerabilities. Among the popular vulnerability scanners,
Nessus and OpenVAS are widely used in the industry. This research project aims
to provide a comparative analysis of these two scanners in a cloud environment.

Information system attacks and security lapses are happening more frequently
and with more sophistication. Before being exploited by attackers, security flaws
must be found and proactively fixed by businesses (Savaglia, J. and Wang, P,
2017).

A vulnerability scanner is a piece of software that scans a network's design,
identifies vulnerabilities, and offers solutions to fix them. The difference between
vulnerability detection and remediation detection is crucial in this context; a
scanner may miss a vulnerability yet still manage to offer remedial
recommendations. For instance, the Microsoft Security Bulletin MS09-012 has
four vulnerabilities; as a result, identifying just one of them will allow for the
remediation of the others. In a similar vein, a vulnerability might be discovered
but not properly addressed. The good news is that if a vulnerability is
appropriately recognised, several helpful references can usually be reviewed.
These references are frequently beneficial for both workarounds and software
updates. Using a network vulnerability scanner to audit a network typically
consists of three steps: vulnerability analysis, vulnerability scanning, and network
scanning (Manzuik et al., 2007).

Technical flaws such as software flaws (for example, CVE-2008-4250) and
configuration mistakes (for example, using weak passwords) are major causes of
risk in enterprise networks because they give attackers the potential to
compromise the confidentiality, integrity, and availability of their assets.
Therefore, effective vulnerability management is a crucial organisational
security activity nowadays (Anderson, 2003).

The laborious effort of manually keeping track of every vulnerability present in
systems and remediating it as necessary is unsuitable for today's complex IT
settings (Arkin et al., 2005).

Organizations can quickly discover and resolve possible security threats in their
network infrastructure by automating the vulnerability detection and remediation
process using a vulnerability scanner such as Nessus or OpenVAS, which
lowers the risk of data breaches and other security events.

Figure 1-1 Vulnerability Scanner System Illustration

Figure 1-1 depicts a high-level overview of a vulnerability scanner system,
including the key components involved: the targets (IP addresses and
hostnames), the vulnerability database (known vulnerabilities and associated
data), the scan engine, the scanning device itself (vulnerability detection and
plugins), scan execution (initiating and monitoring scans), scan results
(identified vulnerabilities), and result generation.


Statement of the Problem


The goal is to evaluate and compare the performance, features, and effectiveness
of the Nessus and OpenVAS vulnerability scanners, to help in selecting the scanner
that best fits an organisation's requirements, specifically in the context of the cloud.

Research Aims and Objective


Overall aim
This research aims to conduct a comprehensive comparative analysis of
vulnerability scanners so that organizations can select the most suitable
security vulnerability scanner that aligns with their specific requirements and
infrastructure.

Specific Objectives
Specifically, this research aims to achieve the following objectives.

• To assess the range and depth of vulnerability scanning capabilities
offered by each scanner, including network scanning, web application
scanning, and configuration assessment.
• To evaluate the effectiveness and accuracy of each scanner in detecting
known vulnerabilities.
• To measure the performance and scalability of each scanner, taking into
consideration factors such as scanning speed, resource utilization, and
ability to handle large-scale environments.
• To evaluate the usability and user interface of each scanner, including
ease of installation, configuration, and management. Assess the
availability of documentation, support resources, and user community.
• To evaluate the reporting capabilities of each scanner, including the
comprehensiveness, clarity, and customization options of the generated
reports. Assess the ability of the scanner to provide actionable
recommendations for vulnerability remediation.

Relevance and Importance of the Research


The study's findings will offer a thorough comparison of Nessus and OpenVAS in
cloud environments. The findings will provide information about these
vulnerability scanners' scanning capability, accuracy, reporting features,
integration and compatibility, performance, user-friendliness, and
cost-effectiveness. The project will provide useful suggestions to support
businesses in selecting the best vulnerability scanner for their cloud-based
assets. This research distinguishes itself from studies conducted in non-cloud
environments through the following key points:

• Cloud-Specific Vulnerabilities: Cloud computing introduces a distinct set
of security challenges, including shared responsibility models, virtualized
environments, and dynamic resource allocation. By specifically addressing
vulnerability assessment within a cloud context, this research
acknowledges and responds to these unique challenges that differ from
traditional non-cloud settings.
• Scalability and Resource Constraints: Cloud environments offer
scalability, but they also come with resource limitations and varying
infrastructure configurations. This research examines how vulnerability
scanners handle these factors, providing insights into their adaptability and
efficiency in a cloud context – a consideration not prominent in non-cloud
studies.
• Impact on Shared Resources: Cloud instances share resources, leading
to potential vulnerabilities that might not manifest similarly in non-cloud
setups. This research investigates how scanners detect and mitigate
vulnerabilities while accounting for shared resources and the potential
impact on neighbouring instances.
• Integration with Cloud Services: Cloud environments often incorporate a
diverse array of services and platforms. Studying vulnerability scanners'
integration with these services highlights their compatibility and
effectiveness within the cloud ecosystem, a dimension not as prevalent in
non-cloud studies.
• Compliance and Regulatory Frameworks: Cloud environments often
operate within specific compliance and regulatory frameworks. This
research explores how vulnerability scanners assist organizations in
adhering to these frameworks while securing cloud-based assets, a
consideration less emphasized in studies outside the cloud domain.
• Complexity of Configuration and Management: Cloud setups can be
complex due to their distributed and dynamic nature. This research delves
into how vulnerability scanners cope with the intricacies of cloud
configuration and management, a factor that may differ significantly from
non-cloud environments.

Research Questions
• How do the scanning capabilities of Nessus and OpenVAS compare in
terms of their ability to detect vulnerabilities in cloud instances?
• What is the accuracy and effectiveness of Nessus and OpenVAS in
detecting known vulnerabilities in cloud deployments?
• How do the reporting capabilities of Nessus and OpenVAS differ in
generating comprehensive and actionable vulnerability assessment
reports specific to cloud environments?
• How do they differ in terms of ease of integration and interoperability?
• What are the user-friendliness and ease of management of Nessus and
OpenVAS in cloud deployments? How do they compare in terms of
installation, configuration, and ongoing maintenance?

Scope and Limitation of Study


The scope of the study on the comparative analysis of security vulnerability
scanners Nessus and OpenVAS in a cloud environment includes:

• Comparative analysis: The study will focus on comparing the features,
capabilities, and performance of Nessus and OpenVAS specifically in the
context of vulnerability scanning in cloud environments.
• Scanning capabilities: The analysis will assess the scanning capabilities
of Nessus and OpenVAS.
• Vulnerability detection: The study will evaluate the effectiveness and
accuracy of Nessus and OpenVAS in detecting known vulnerabilities.

• Reporting and remediation: The analysis will explore the reporting
capabilities of Nessus and OpenVAS in generating comprehensive
vulnerability assessment reports.

The limitations of the study:


• Specific to Nessus and OpenVAS: The study focuses solely on comparing
Nessus and OpenVAS and may not encompass all vulnerability scanners
available in the market. Other scanners with unique features and
capabilities may not be included in the analysis.
• Limited to Cloud Environments: The study primarily considers vulnerability
scanning in cloud environments (Amazon EC2 instance) and may not
fully address vulnerability assessment in other contexts, such as
on-premises infrastructure or hybrid environments.
• Organization-specific Factors: The study does not account for specific
organizational factors, such as size, industry, or unique requirements,
which may influence the selection and effectiveness of vulnerability
scanners in individual organizations.
• Evaluation Criteria: While the study provides a comparative analysis, the
specific evaluation criteria and weighting of factors may vary based on the
researcher's judgment and the specific needs of the organization.

Thesis Organisation
This report is organised into the following chapters.

Chapter 2: Literature Review


The literature review aims to establish a theoretical foundation for the
comparative analysis and identify key factors to be considered in evaluating these
scanners. The chapter begins with an overview of vulnerability scanning, followed
by a discussion on the features and capabilities of Nessus and OpenVAS. It then
explores previous studies, research papers, and industry reports that have
examined vulnerability scanners and their effectiveness.


Chapter 3: Methodology
This chapter presents the methodology employed in the research project on the
comparative analysis of security vulnerability scanners Nessus and OpenVAS in
cloud environments. The chapter also discusses the testbed setup, selection of
evaluation criteria, and ethical considerations.

Chapter 4: Implementation
This chapter delves into the practical aspects of the project by detailing how to
set up the cloud environment and configure both Nessus and OpenVAS. It also
explains the specific scanning policies and configurations used, as well as any
data collected during the implementation process. Additionally, this chapter
addresses the difficulties faced and the solutions employed to ensure the
successful execution of the project.

Chapter 5: Result
This chapter presents the overall conclusion drawn from the comparative analysis
of security vulnerability scanners Nessus and OpenVAS in cloud environments.
It summarizes the key findings from Chapter 4 and discusses their implications.
Based on the findings, this chapter also provides recommendations for
organizations seeking to select a vulnerability scanner for their cloud-based
deployments.

Chapter 6 Conclusion and Recommendations, Contribution to Knowledge


The key contribution to knowledge and its significance to the subject of cyber
security will be highlighted in this chapter.


CHAPTER 2. LITERATURE REVIEW

Introduction
Cloud environments introduce unique security challenges, such as shared
resources, multi-tenancy, and dynamic scalability. Security vulnerability scanners
play a vital role in mitigating these challenges by identifying vulnerabilities in
cloud-based systems. Before going into the specifics of the approaches
suggested in this dissertation, an overview of some key ideas is explored.
Numerous vulnerability scanning tools are available in the market, both
commercial and open-source, offering a range of features and capabilities;
examples include Nessus, OpenVAS, Qualys, Rapid7 Nexpose, and many more.
The requirement for automation, scalability, accuracy, and integration with
changing technology landscapes has spurred the evolution of vulnerability
scanners, which has been influenced by the threat landscape's constant change
and technological advancements.

Today, vulnerability scanners are critical tools in identifying and mitigating
security weaknesses, helping organizations proactively protect their systems and
data from potential threats. In the early days of computing, vulnerability
assessment was primarily a manual process. System administrators or security
experts would manually inspect systems, networks, and applications for
vulnerabilities.


Literature Review References


The table below summarises the references used for this literature review, and the methodology utilised is a combined method made up of
qualitative and quantitative analysis.

| Reference | Relevance | Methodology | Strengths | Limitations | Contribution |
|---|---|---|---|---|---|
| Kejiou, A. and Bekaroo, G., 2022 | 4 | Experimental | Makes use of Nessus and OpenVAS vulnerability scanner | Focuses on WLANs only | Implementation of open-source tools to detect vulnerabilities |
| Khounborine, C., 2023 | 3 | Experimental | Multi-platform and various type of vulnerability was considered | Only the accuracy of the vulnerability scanners was considered | Compare the accuracy of these scanners |
| Chalvatzis et al., 2019 | 4 | Experimental | A methodology for evaluation that is suited for simulating business environment risk assessment | Perform on a virtual machine | Knowledge base comparison |
| deRito, C. and Bhatia, S., 2022 | 3 | Experimental | Analysis of Open-Source Vulnerability Scanners for IoT Devices | Focus on IoT devices | Review on Open-source vulnerability scanner |
| Holm, H. et al., 2011 | 2 | Qualitative | Nessus Scanner was critically evaluated | OpenVAS was not used as a tool for vulnerability scanning | Features of Nessus scanner |
| Chalvatzis et al., 2020 | 4 | Experimental | Developed a framework for suitable setup and usage of virtual machines making risk analysis practical and capable of comparing different vulnerability scanners | No Comparative analysis as the research focuses on the risk assessment | Provides a complete setup and analysis of the proposed tools |
| Xia, Y., Liu, C. and Yu, K., 2020 | 3 | Qualitative | Design and Implementation of Vulnerability Scanning Tools | Focus more on OpenVAS only, Nessus was not discussed | Implementation of OpenVAS |
| do Castelo, V., 2021 | 4 | Qualitative | Performance Assessment of Free-to-Use Vulnerability Scanners | Focused on the accuracy and precision | Technical Features were compared and analysed |
| Arambatzis, T., Lazaridis, I. and Pouros, S., 2015 | 5 | Experimental | The comparison and analysis of vulnerabilities in modern Windows OS | Limited to the number of Operating Systems, no recent OS was used | Comparison and analysis of vulnerabilities in modern Windows operating systems |
| Chikohora, E. & Mogomeli, L. 2021 | 2 | Qualitative | Impact of Network Vulnerability Scanners on Network Security | No Specific Vulnerability Scanner was used | Impact of Vulnerability Scanner |
| Aksu, M.U., Altuncu, E. and Bicakci, K., 2019 | 3 | Qualitative | Analyse OpenVAS from a usable security perspective | No in-depth Knowledge of Vulnerability scanner | OpenVAS is analysed |
| Shahid, J., Hameed, M.K., Javed, I.T., Qureshi, K.N., Ali, M. and Crespi, N., 2022 | 1 | Qualitative | Comparison of Selected Web Assessment Tools | Insufficient Skills for Exploitation | Quality of a web application scanner |
| Antrobus, R., Frey, S., Green, B. and Rashid, A., 2016 | 1 | Experimental | Specialised Vulnerability Scanner for Industrial Control Systems | No deep analysis was performed | Nessus tool was one of the tools compared |
| Chen, A. and Zhang, Z., 2021 | 2 | Qualitative | Credential and non-credential vulnerability scanning was the study | No comparison with other tools | Nessus Scanner was used to scan the host |

Table 2-1 Table of References


Literature Review
Holm et al. (2011) examine if platforms utilised affect how reliably automated
vulnerability scanning identifies vulnerabilities in computer networks. For seven
different scanners, comparisons of the functionality on a qualitative and
quantitative level, as well as of false positives and false negatives, are made. The
study demonstrates how effectively automated vulnerability scanners function
when it comes to discovering security issues in a network and focuses on the
direct output of automated scans about the vulnerabilities they identify. Given that
user credentials are accessible for the hosts in your network, the results show
that a vulnerability scanner is a useful tool to have in your security toolbox.
However, manual work is required in addition to automated screening to obtain
adequate accuracy regarding network security issues.

Arambatzis et al. (2015) focus solely on comparing and analysing vulnerabilities
in current Windows operating systems. The Internet has been used
to demonstrate the existence of vulnerabilities in most Windows operating
systems, including Windows XP and 10. Three vulnerability scanners are used to
fulfil two scanning techniques. Results from measurement comparisons show
each scanner's potential for uncovering a wide range of vulnerabilities as well as
the potency of recently published service packs for fixing operating system
issues.

The comparison of Simatic Scan and Nessus shows the potential benefits of
hybrid IT/OT approaches, especially when used in conjunction with already-
existing general-purpose systems like Nessus (Antrobus et al., 2016). A
SHODAN search of the three PLCs used in the evaluation was conducted by the
researcher to further demonstrate the significance of such specialised systems.
141 S7-1200, 40 S7-300, and 14 ET 200SP PLCs connected to the worldwide
internet were also found. The danger from any unpatched or previously
discovered vulnerabilities in these PLCs is high. By identifying vulnerabilities with
specialised tools like Simatic Scan, such risks can be reduced (Antrobus et al.,
2016).


Aksu et al. (2019) conducted both expert and user-based testing to assess the
usability of OpenVAS 9.0, a popular open-source vulnerability detection tool.
While 10 cybersecurity professionals are chosen to participate in the user-based
testing, expert-based testing is carried out using heuristic analysis and cognitive
walkthrough techniques. As a result, they spot potential hazards that could result
in insecurity or a delusion of security and offer solutions to avoid them. They also
talk about how well the techniques used for usability testing work. Finally, a
collection of heuristics built from prior work and customised for their application
is offered for reuse in future research.

In the same year as Aksu et al., Chalvatzis et al. (2019) set out to offer a
virtual machine-based testing framework for the effectiveness of vulnerability
scanners used in organisations, with an emphasis on small and medium-sized
ones. Based on the experimental evaluation framework with virtual machine
testing that it presents, the paper also compares three of the most well-known
free vulnerability scanning solutions (Nessus, OpenVAS, and Nmap Scripting
Engine) in terms of how well they can be used to automate the process of risk
assessment in an organisation.

Xia et al. (2020) examine the current state of the industrial control system network
for intelligent substations as well as the major issues with current security
measures. A vulnerability scanning system based on OpenVAS is created after
the characteristics of the intelligent substation industrial control network are
analysed. The vulnerability scanning system performs and functions better than
the original vulnerability scanning system, which significantly enhances system
security and lowers system risk.

Chalvatzis et al. (2020) follow their 2019 research, which offered a virtual
machine-based testing framework for the effectiveness of vulnerability scanners
used in organisations. The objective of this research report is to offer a
realistic, all-inclusive framework based on virtual machines for evaluating the
machine-based performance of vulnerability scanners employed in such
organisations, with an emphasis on small and medium-sized ones, in the context
of risk evaluation analysis. This study also compares three popular free
vulnerability scanners
(Nessus, OpenVAS, and Nmap Scripting Engine) in terms of how they might be
utilised to systematise the risk assessment process in an organisation. The
proposed methodology is centred on creating a framework for proper virtual
machine setup and usage, which enables risk analysis and allows for the
comparison of various vulnerability scanners.

A prominent way to find security issues in computer systems is vulnerability
scanning. Credentialed vulnerability scanning and non-credentialed vulnerability
scanning are the two categories of scanning techniques. Chen et al. (2021)
compare the scan results from 67 common hosts that were subjected to the two
techniques of scanning utilising Nessus. According to their analysis, the results
of the credentialed scans typically overlap the results of the uncredentialed scans.
Additionally, the security level of the hosts affects how the scan findings change,
and this variance generally exhibits linearity.

Also in 2022, deRito and Bhatia's (2022) goal is to address every aspect of using
these applications, including their usability, support options, scanner
effectiveness, mitigation guidance, and other operational data. In the end, a
thorough evaluation of each scanner will be offered, outlining its benefits and
drawbacks as well as the ideal applications for it. These findings are intended to
offer an educational perspective on which vulnerability scanner should be chosen
for an individual based on a practical examination and comparison.

Kejiou and Bekaroo (2022) provide a careful overview and
analysis of the most important WLAN vulnerability scanners. Four tools—Nessus
Vulnerability Scanner, OpenVAS, Nexpose, and GFI LanGuard—are assessed
as part of the inquiry, and after actual use, insights are offered. The fact that
different vulnerability scanners handle various types and numbers of
vulnerabilities—and that some of them can be more granular than others, even
in terms of the user output—is one of the important conclusions. Additionally, the
scan time varied amongst tools and was unrelated to the number of vulnerabilities
found.


Lastly, Khounborine (2023) investigates the many scanner categories and seeks
to make the difficult decision of choosing the best vulnerability scanner for a
person's needs easier by surveying and comparing vulnerability scanners. Before
delving into the vulnerability scanners on the market, background data is given
regarding the kinds of testing a vulnerability scanner may use and the many kinds
of vulnerability scanners accessible. The sorts of vulnerability scanners that were
most frequently discovered in the study are highlighted in this thesis, including
application scanners, database scanners, and network-based scanners. The
accuracy of two network scanners, OpenVAS, and Nessus is also compared in
this thesis, along with the results and their consequences.

Cloud Computing and Security Vulnerabilities


Cloud computing offers numerous benefits, such as scalability, cost-
effectiveness, and accessibility. However, it also introduces unique security
vulnerabilities and challenges. Mitigating these vulnerabilities requires a
combination of technical controls, robust security practices, ongoing monitoring,
and collaboration between organizations and cloud service providers.
Implementing strong access controls, encryption, regular vulnerability
assessments, threat detection, and incident response plans are critical in
securing cloud environments and protecting sensitive data (Chou, 2013). Figure
2-1 Threats in the Cloud Environment shows the threats in the cloud (Winkler,
2011).


Figure 2-1 Threats in the Cloud Environment

Figure 2-1 Threats in the Cloud Environment showcases some common threats
in a cloud environment and data privacy options to secure the cloud. The threats
listed below can cause data loss in cloud environments.

• Bring Your Own Device (BYOD): environments where employees bring
their own devices.
• External Threats: vulnerabilities that originate from outside an
organization's network or system perimeter.
• Internal Threats: Malicious actions by employees or authorized users.

Security Vulnerability Scanners


Security vulnerability scanners are software tools that identify security
weaknesses or vulnerabilities in systems, networks, applications, and
infrastructure. They play a crucial role in proactive security measures by helping
organizations identify potential risks and take appropriate actions to mitigate
them. These scanners assist businesses in evaluating their cloud security
posture and implementing preventative measures to reduce potential dangers
(Erturk, 2017). Figure 2-2 How a vulnerability scanner works below illustrates how
a vulnerability scanner works (Tundis et al., 2018).

Figure 2-2 How a vulnerability scanner works

Figure 2-2 How a vulnerability scanner works provides a
simplified overview of how a vulnerability scanner works to identify potential
security weaknesses within systems and applications. The process involves
configuration, scanning, analysis, and reporting to help organizations address
vulnerabilities and enhance their overall cybersecurity posture.

Common Vulnerability Scoring System (CVSS)


Common Vulnerability Scoring System (CVSS) is employed to evaluate and
quantify the seriousness of vulnerabilities in software and systems. It enables
organisations to properly prioritise their responses and distribute resources by
giving them a consistent and objective way to assess the possible impact of a
risk. By giving vulnerabilities a score, CVSS makes it simpler to compare and
rank them according to the dangers they may present (Schiffman et al., 2004).


Key components of the CVSS include:


• Base Metrics: These metrics represent the intrinsic characteristics of a
vulnerability and include elements like the access vector, access
complexity, authentication requirements, confidentiality impact, integrity
impact, and availability impact. These metrics help to determine the
potential impact of a vulnerability under certain circumstances.
• Temporal Metrics: These metrics capture the temporal aspects of a
vulnerability, such as how the vulnerability's impact may change over time.
They include factors like exploitability, remediation level, and report
confidence.
• Environmental Metrics: These metrics allow organizations to customize
the CVSS score based on their specific environment and circumstances.
They consider factors like the impacted users, business impact, and any
compensating controls in place.

Each of these components contributes to a numeric score on a scale of 0 to
10, with higher scores indicating greater severity. The scores are divided into
severity levels.

The scoring scale is shown in Table 2-2 Common Vulnerability Scoring System
(CVSS) (Mell et al., 2006).

| Risk level | Base Score | Example Vulnerabilities |
|---|---|---|
| None | 0 | Protocol detection, operating system identification, device kind, and software version disclosure |
| Low | 0.1-3.9 | Browsable Web Directory, Internal Information Disclosure, and Unencrypted Communications |
| Medium | 4.0-6.9 | Web directory traversal, command injection, remote information disclosure, and file access |
| High | 7.0-9.9 | Malformed Packet Injection, Password Hash Disclosure, Privilege Escalation, and Redirect Denial of Service |
| Critical | 10.0 | Buffer overflows, Default Credentials, Unsupported Operating System Versions, Remote Code Execution |

Table 2-2 Common Vulnerability Scoring System (CVSS)

CVSS-Based Severity
CVSS-based severity is determined by calculating a numerical score based on
various metrics, which helps organizations prioritize and respond to
vulnerabilities. CVSS versions 2 and 3 have different metrics and scoring
systems.

Differences Between CVSSv2 and CVSSv3


The Common Vulnerability Scoring System (CVSS) is a standardized framework
used to assess and communicate the severity of security vulnerabilities. There
are two main versions of CVSS: CVSSv2 (Common Vulnerability Scoring System
version 2) and CVSSv3 (Common Vulnerability Scoring System version 3)
(Nowak et al., 2021).


| Severity | CVSSv2 Range | CVSSv3 Range |
|---|---|---|
| Critical | 10.0 | 9.0 - 10.0 |
| High | 7.0 - 9.9 | 7.0 - 8.9 |
| Medium | 4.0 - 6.9 | 4.0 - 6.9 |
| Low | 0.1 - 3.9 | 0.1 - 3.9 |
| Info | CVSSv2 score is 0 | CVSSv3 score is 0 |

Table 2-3 CVSS-Based Severity

CVSSv2 Scoring Scale:


The CVSSv2 scoring scale ranges from 0.0 to 10.0, with higher scores indicating
higher severity. The severity is divided into three main categories (Ibidapo et al.,
2011):

Low Severity (0.0 - 3.9):

Vulnerabilities with low impact, which might not pose a significant risk.

Medium Severity (4.0 - 6.9):

Vulnerabilities with moderate impact that could potentially compromise
confidentiality, integrity, or availability to some extent.

High Severity (7.0 - 10.0):

Significant flaws that could undermine the confidentiality, integrity, or
availability of the system on a large scale.

CVSSv2 also provides subcategories (access complexity, authentication, and
impact) that contribute to the overall score.

CVSSv3 Scoring Scale:


The CVSSv3 scoring scale, introduced to improve upon the limitations of
CVSSv2, uses a numeric score ranging from 0.0 to 10.0, like CVSSv2. However,
CVSSv3 introduces some significant changes:

Low Severity (0.0 - 3.9):

Vulnerabilities with low impact and low risk.

Medium Severity (4.0 - 6.9):

Vulnerabilities with moderate impact that could cause a partial
compromise of confidentiality, integrity, or availability.

High Severity (7.0 - 8.9):

High-impact vulnerabilities that could seriously jeopardise confidentiality,
integrity, or availability.

Critical Severity (9.0 - 10.0):

Vulnerabilities with critical impact that could result in full compromise of
confidentiality, integrity, or availability.

CVSSv3 also incorporates the concept of "attack vectors" and "attack complexity"
to provide a more detailed assessment of the vulnerability's context and potential
risk (Spring et al., 2021).

Both CVSSv2 and CVSSv3 are extensively used for evaluating and
communicating the seriousness of vulnerabilities, with CVSSv3 being advised
because of its enhancements over CVSSv2, such as an emphasis on user and
environmental aspects that affect the total severity score. It is significant to
highlight that while the scoring scales offer a uniform method of evaluating
vulnerabilities, the actual interpretation and response to a vulnerability may vary
depending on the context and risk management procedures of the company (Fall
and Kobayashi, 2019).

Overview of Nessus and OpenVAS


While both Nessus and OpenVAS share the common goal of identifying
vulnerabilities, they differ in terms of licensing (commercial vs. open-source),
feature sets, support, and integration capabilities. Organizations often choose
between them based on factors such as budget, functionality requirements, and
community involvement (Holik et al., 2019).

These tools play a crucial role in bolstering cybersecurity by assisting
organizations in proactively identifying and addressing vulnerabilities within their
IT infrastructures.


Nessus
Nessus is a widely recognized and comprehensive vulnerability scanner
developed by Tenable. It is one of the most popular commercial vulnerability
assessment tools available in the market. Nessus is trusted by organizations
worldwide for its comprehensive scanning capabilities, extensive plugin
coverage, and robust reporting and analysis features (Nessus, 2023). It helps
organizations identify vulnerabilities, prioritize remediation efforts, and strengthen
their overall security posture (Jetty, 2018). Numerous research studies and
industry reports have cited Nessus as a fundamental tool in vulnerability
management and risk assessment. Its widespread adoption demonstrates its
significance in identifying security weaknesses across a diverse range of systems
and applications. Nessus offers significant value in the realm of cybersecurity; it
is important to consider both its positive aspects and areas for improvement:

Strengths:

• Comprehensive Vulnerability Detection: Nessus is renowned for its
extensive vulnerability detection capabilities. It boasts a vast and
continuously updated database of plugins, allowing it to identify a wide
range of vulnerabilities across various systems, applications, and
platforms.

• Reporting and Analysis: The tool provides detailed and customizable
reports that offer actionable insights into identified vulnerabilities. These
reports aid security professionals in prioritizing and addressing threats
effectively.

• Integration and Compatibility: Nessus offers integration with numerous
third-party security tools and platforms, enhancing its versatility and ability
to fit into existing security ecosystems.

• Compliance Auditing: Nessus can perform compliance checks against
industry standards and regulations, which is valuable for organizations
striving to adhere to specific security benchmarks.

• Scalability: The tool is designed to cater to both small-scale and
large-scale network environments, making it suitable for organizations of
varying sizes.

Limitations:

• Cost: Nessus is a commercial tool with associated licensing fees, which
can be a significant factor for organizations with budget constraints,
especially when compared to open-source alternatives.

• Resource Intensiveness: In larger scans, Nessus can consume
considerable system resources, impacting the overall performance of the
scanned environment.

• False Positives: Like any vulnerability scanner, Nessus may generate
false positives, necessitating manual verification and potentially leading to
unnecessary investigation efforts.

• Usability Complexity: While Nessus offers a wide array of features, its rich
functionality can make it complex to configure and use, particularly for less
experienced users.

• Dependency on Plugin Updates: The tool heavily relies on its plugin
database, and timely plugin updates are crucial to detecting the latest
vulnerabilities. Delays in updates could potentially leave systems exposed
to emerging threats.

Overall Assessment:

Nessus remains a dominant player in vulnerability assessment due to its
comprehensive detection capabilities, reporting features, and scalability. It is
particularly valuable for organizations with dedicated security teams and
substantial budgets. However, its cost, resource consumption, and potential false
positives should be carefully considered. While Nessus excels in certain areas,
organizations seeking a balance between functionality and budget may explore
alternative solutions, including open-source vulnerability assessment tools,
depending on their specific requirements and constraints (Chalvatzis et al., 2019).

OpenVAS
OpenVAS (Open Vulnerability Assessment System) is a widely used open-
source vulnerability scanner. Because OpenVAS is an open-source solution, it
offers enterprises wishing to conduct vulnerability assessments without paying
high licencing fees an affordable choice. It is a dependable option for vulnerability
scanning and evaluation thanks to its vibrant community and plugin development,
which provide continual upgrades and enhancements. The open-source nature
of OpenVAS makes it an attractive option for research and practical use. Studies
often highlight its role in vulnerability assessment, particularly in environments
where cost considerations are paramount (Rahalkar et al., 2019). OpenVAS
offers valuable capabilities for organizations seeking cost-effective vulnerability
scanning; it is important to assess both its positive aspects and areas that might
require improvement:

Strengths:

• Open-Source Nature: OpenVAS's open-source model makes it an
attractive choice for organizations with limited budgets, enabling access to
vulnerability scanning without substantial licensing costs.

• Vulnerability Detection: OpenVAS provides a wide range of vulnerability
detection capabilities, facilitated by its plugin-based architecture. Regular
plugin updates help keep the tool current with emerging threats.

• Scalability: The tool is designed to cater to various network sizes, making
it suitable for small to large environments. This scalability enhances its
flexibility and adaptability.

• User Interface: OpenVAS offers a user-friendly web-based interface that
simplifies scan configuration, result interpretation, and report generation.

• Community Involvement: Being open-source encourages community
contributions, fostering continuous development, bug fixes, and
improvements.

Limitations:

• Resource Intensiveness: Like other vulnerability scanners, large-scale
scans in OpenVAS can consume significant system resources, potentially
impacting performance.

• False Positives: The tool might generate false positives, necessitating
manual verification and potentially diverting valuable time and effort.

• Integration Challenges: While OpenVAS supports integration with other
tools, the range and depth of integrations might be more limited compared
to some commercial alternatives.

• Support and Documentation: Although the community contributes to
support and documentation, official support and comprehensive
documentation might not match that of commercial solutions.

• Usability Complexity: Despite its user-friendly interface, OpenVAS might
still pose challenges for less experienced users when configuring
advanced features.

Overall Assessment:

OpenVAS serves as a valuable resource for organizations seeking vulnerability
assessment capabilities without the financial commitment of commercial tools. Its
open-source nature, scalability, and detection capabilities make it a worthwhile
choice, particularly for smaller organizations and security enthusiasts. However,
potential challenges with resource consumption, false positives, and integration,
along with considerations around support and documentation, should be
considered. OpenVAS represents an opportunity for organizations to engage with
a cost-effective solution, but a careful evaluation of its fit within the broader
security infrastructure is essential to maximizing its benefits (Kejiou and Bekaroo,
2022).

Comparative Analysis of Nessus and OpenVAS


Comparative analysis of Nessus and OpenVAS, two popular vulnerability
scanners, helps organizations make informed decisions about which tool best
suits their needs. When deciding between Nessus and OpenVAS, organizations
should consider factors such as budget, desired plugin coverage, support needs,
integration requirements, and overall ease of use. Both tools have their strengths
and can provide valuable vulnerability assessment capabilities, so it's important
to align the choice with the organization's specific needs and resources (Kejiou
and Bekaroo, 2022).

While both Nessus and OpenVAS share the common objective of identifying
vulnerabilities, they differ in terms of their licensing model, features, support, and
integration capabilities. Research comparing these two tools can shed light on
their respective strengths and limitations, guiding organizations in selecting the
most suitable vulnerability assessment solution based on their specific
requirements and constraints. Understanding these tools' capabilities and impact
on research and practice is crucial for informing effective vulnerability
management strategies.


Figure 2-3 OpenVAS vs. Nessus: Tabular Comparison (Hoffman, 2023)

Table 2-4 Features Comparison below also shows some of the features that
Nessus and OpenVAS offer in comparison to each other (Web, 2019).

| Features | Nessus | OpenVAS |
|---|---|---|
| Asset Discovery | ✓ | ✓ |
| Assets Targeting | ✗ | ✓ |
| Network Scanning | ✓ | ✓ |
| Patch Management | ✗ | ✗ |
| Prioritization | ✓ | ✓ |
| Policy management | ✓ | ✗ |
| Risk Management | ✗ | ✓ |
| Vulnerability Assessment | ✓ | ✓ |
| Web scanning | ✓ | ✓ |

Table 2-4 Features Comparison


Knowledge Gap
The knowledge gap in the comparative analysis of security vulnerability scanners
(Nessus and OpenVAS) in a cloud environment pertains to a lack of
comprehensive and up-to-date research that directly compares the performance,
effectiveness, and suitability of these two scanners within the unique context of
cloud computing. While both Nessus and OpenVAS are well-known vulnerability
assessment tools, there exists a need for in-depth research that specifically
examines their performance and capabilities within cloud environments.

Summary
According to the literature assessment, Nessus, and OpenVAS each have
advantages and disadvantages when used in cloud contexts. Various factors,
including the organization's budget, the complexity of the cloud infrastructure, and
the desired amount of customization, will determine which of the two scanners is
best for a given situation. The results of this assessment can be used by security
experts and cloud administrators to make knowledgeable judgments when
choosing a security vulnerability scanner for their cloud-based systems.


CHAPTER 3. METHODOLOGY

1. To comprehend the principles of cloud computing, vulnerability scanning,
and the features of Nessus and OpenVAS, conduct a thorough literature
review.

2. Create and configure a model cloud environment using virtual machines,
containers, and cloud-based services.

3. Install and configure Nessus and OpenVAS within the cloud environment.

4. Develop a test plan and select a diverse set of known vulnerabilities to
evaluate the scanners' effectiveness.

5. Perform vulnerability scans using both scanners and analyse the results.

6. Evaluate and compare the performance of Nessus and OpenVAS in terms
of scan speed, resource utilization, and detection rates.

7. Conclude gathering and analysing quantitative data.

Research Design
The research methodology for comparing security vulnerability scanners in a
cloud context will be described in this section. The research design offers a
blueprint for how the study will be carried out, outlining the general strategy, data
collection procedures, and analysis methodologies.


Figure 3-1 Research Design


Figure 3-1 Research Design succinctly showcases the research design, depicting
three instances set up on AWS EC2. Among these, two instances are equipped
with the Nessus scanner and OpenVAS respectively. These instances are
employed to conduct vulnerability scans on the third instance, designated as the
target host created for vulnerability assessment.

Start -> Setup Cloud Environment -> Deploy Nessus and OpenVAS -> Run
Vulnerability Scan -> Evaluate Vulnerability Detection -> Collect Performance
Metrics -> End

Figure 3-2 Implementation Flow Chart

Figure 3-2 Implementation Flow Chart illustrates the flow of operations involved in
scanning the cloud instances.


Experimental Setup:
• Create a cloud environment using AWS
• Specify the configurations and specifications
• Set up security groups and network settings to allow necessary
communication.

Deploy Nessus and OpenVAS:
• Launch separate instances for Nessus and OpenVAS on the cloud
environment.

Define Scanning Parameters:
• Set up scanning profiles and configurations for both Nessus and
OpenVAS.
• Decide on scan types

Evaluate Vulnerability Detection:
• Analyze the results of Nessus and OpenVAS scans to identify
vulnerabilities detected by each scanner.

Collect Performance Metrics:
• Gather performance metrics from both scanners, including scan speed,
resource utilization (CPU, memory), and storage usage.
• Record and compare the results for each metric

Perform Vulnerability Scans:
• Initiate vulnerability scans using Nessus and OpenVAS
• Record the time taken for each scan to complete.

Interpret and Analyze Results:
• Compare the performance, effectiveness, and suitability of Nessus
and OpenVAS in the cloud environment.
• Identify strengths and weaknesses of each scanner.

Conclude:
• Summarize the findings of the comparative analysis.
• Draw conclusions regarding which scanner is more effective and suitable
for securing cloud environments.

Figure 3-3 Research Flow


Figure 3-3 Research Flow illustrates the systematic sequence of steps and
activities undertaken during the research project.

Study Approach

The research design will employ a comparative analysis approach to evaluate
and compare the effectiveness, performance, and features of Nessus and
OpenVAS in a cloud environment. This strategy entails methodically evaluating
and contrasting the scanners using set standards and measurements.

Data Collection Methods


To gather data for the comparative analysis, the following data collection methods
will be employed:

• Installation and Configuration: The process of installing and configuring
Nessus and OpenVAS within the cloud environment will be documented.
This includes noting any challenges or issues encountered during the
setup.
• Test Cases and Vulnerabilities: A wide range of test cases and
vulnerabilities will be used to gauge how well the scanners work. These
might include well-known flaws in web apps, network services, and cloud
infrastructure.
• Performance Metrics: Performance metrics such as scan speed and
resource utilization (CPU and memory usage) will be measured during the
vulnerability scans.
• Data Collection: Data will be collected from the scanners' output reports,
logs, and any additional relevant information generated during the
scanning process.

Analysis Techniques
The collected data will be analysed using both quantitative and qualitative
analysis techniques. The specific analysis techniques to be employed include:

• Effectiveness Evaluation: The vulnerability detection capabilities of
Nessus and OpenVAS will be assessed by comparing the identified
vulnerabilities with the known vulnerabilities in the test cases. The
detection rates and accuracy will be measured.


• Performance Evaluation: Based on the scan speed, resource usage,
and false positive/negative rates, the scanners' performance will be
assessed. To evaluate the variations in performance between the
scanners, statistical comparisons will be made.
• Feature Comparison: The characteristics and functionalities of Nessus
and OpenVAS will be thoroughly compared. This will entail locating and
assessing the distinct characteristics pertinent to vulnerability scanning
in a cloud context.

Ethical Considerations
Ethical considerations will be taken into account throughout the research process. This
includes ensuring compliance with ethical guidelines regarding data collection,
privacy, and confidentiality. Additionally, any necessary permissions and
approvals will be obtained from relevant parties for conducting the research.

Overall, the research design will provide a structured and systematic approach to
carry out the comparative analysis of Nessus and OpenVAS in a cloud
environment. It will guide the data collection and analysis process, allowing for
meaningful and valid conclusions to be drawn.

Research Philosophy
Pragmatism fits in well with the objectives of this study, which are to offer useful
information and suggestions for choosing the best vulnerability scanner for
securing cloud systems. The need to address actual issues and come up with
workable solutions is emphasised by pragmatic thinking. Nessus and OpenVAS,
two widely used vulnerability scanners, will be compared in this context, and their
performance in a cloud setting will be evaluated. This has real ramifications for
businesses that rely on cloud services.

Cloud Environment Setup


This section will outline the procedure for setting up the cloud infrastructure
needed to conduct the Nessus and OpenVAS comparison analysis. A realistic
cloud architecture, including virtual machines, containers, and cloud-based
services, will be simulated by the cloud environment.


1. Selection of Cloud Platform:

The Amazon Web Services (AWS) cloud platform will be selected for this research
because it supports the deployment of virtual machines and containers, and in
view of factors such as availability, pricing, and compatibility with the chosen
vulnerability scanners.

2. Account Setup:

An existing student account will be used on Amazon Web Services (AWS).

3. Virtual Machine Configuration:

Virtual machines (VMs) within the cloud platform emulate different components
of the cloud environment. The following are considered:

a. Three (2) instances of VMs are needed for the comparative analysis.

b. The Linux operating system (OS) will be used, and it is compatible with
both scanners.

4. Access Control and Security:

Implement appropriate access controls and security measures within the cloud
environment. This may include:

a. Configuring user accounts and permissions for accessing the cloud
resources.

b. Enabling multi-factor authentication for enhanced security.

c. Implementing encryption protocols (e.g., SSL/TLS) for secure data
transmission.

d. Setting up security groups and firewall rules to restrict access to
vulnerable systems.

5. Cloud Service Integration:

Integrate cloud-based services that may be relevant for vulnerability scanning,
such as databases, storage services, or load balancers. This will allow for
comprehensive testing and evaluation of the scanners' capabilities.


6. Validation and Testing:

Thoroughly validate and test the cloud environment to ensure its stability,
functionality, and compatibility with Nessus and OpenVAS. Verify that the VMs,
containers, and services are properly configured and can communicate with each
other. Once the cloud environment is set up and validated, it will serve as the
foundation for installing and configuring Nessus and OpenVAS, as well as
conducting the vulnerability scans and comparative analysis.

7. Installation and Configuration of Nessus

In this section, the process of installing and configuring Nessus, one of the
security vulnerability scanners, within the cloud environment will be described.

8. Installation and Configuration of OpenVAS

In this section, the process of installing and configuring OpenVAS, another
security vulnerability scanner, within the cloud environment will be described.

9. Selection of Test Cases and Vulnerabilities

OWASP Security Shepherd will be used for the test case and will be installed
as the target OS to scan for vulnerabilities. OWASP Security Shepherd is a web
and mobile application designed to teach various security concepts. It offers
challenges to learn about common vulnerabilities and secure coding practices.

10. Performance Metrics and Evaluation Criteria

In this section, the performance metrics and evaluation criteria for assessing the
effectiveness of Nessus and OpenVAS in a cloud environment will be outlined.
Consider the following metrics and criteria for conducting the comparative
analysis:

Vulnerability Detection Accuracy:

• Measure the accuracy of each scanner in detecting and identifying
vulnerabilities in the cloud environment.

• Compare the number of true positive and false positive findings for each
scanner.


• Calculate the detection accuracy rate by dividing the number of correctly
identified vulnerabilities by the total number of vulnerabilities.

Vulnerability Severity Classification:

• Assess how accurately each scanner classifies the severity levels of
identified vulnerabilities.

• Compare the severity classifications assigned by each scanner with
industry-standard severity ratings (e.g., CVSS scores).

• Analyse the consistency and correctness of severity classification for
different vulnerability types.

Scan Speed and Performance:

• Measure the speed and efficiency of each scanner in conducting
vulnerability scans in a cloud environment.

• Compare the time taken by each scanner to complete scans of varying
sizes and complexities.

• Assess the impact of scanning on the performance of the cloud
environment, including resource utilization and network congestion.

Coverage of Vulnerability Types:

• Evaluate the breadth and depth of vulnerability coverage provided by each
scanner.

• Assess the ability of each scanner to detect different types of
vulnerabilities commonly found in cloud environments.

• Consider vulnerability categories such as misconfigurations, software
vulnerabilities, weak authentication mechanisms, and insecure protocols.

Reporting Capabilities:

• Evaluate the reporting features and capabilities of each scanner.

• Assess the clarity, completeness, and structure of vulnerability reports
generated by each scanner.


• Consider the availability of customizable report templates, integration
options, and support for regulatory compliance reporting.

These performance metrics and evaluation criteria will help in comparing the
effectiveness, efficiency, and usability of Nessus and OpenVAS in the context of
vulnerability scanning within a cloud environment.

Data Collection and Analysis


The process of data collection and analysis for comparing the performance of
Nessus and OpenVAS in a cloud environment will be outlined.

1. Data Collection:

• Execute the selected test cases using both Nessus and OpenVAS
scanners in the cloud environment.

• Run the scanners individually on the same set of test cases to ensure
a fair comparison.

• Collect the scan results generated by each scanner, including identified
vulnerabilities, severity levels, and other relevant information.

• Capture data on scan speed, resource utilization, and any other
performance metrics of interest.

2. Data Recording:

• Record the collected data in a structured format such as a database.

• Include details such as the scanner used, test case description,
vulnerability details, severity ratings, and timestamps.

• Document any discrepancies or observations during the scanning process
for further analysis.

Data Analysis:

• Analyse the collected data to evaluate the performance of Nessus and
OpenVAS.

• Compare the vulnerability detection accuracy, false positive/negative
rates, and severity classification for each scanner.


• Calculate the average scan speed and resource utilization for both
scanners.

• Identify any patterns, trends, or anomalies in the data that may affect the
assessment of each scanner's performance.

Statistical Analysis:

• Apply appropriate statistical analysis techniques to the collected data,
depending on the research objectives and nature of the data.

• Use statistical measures such as mean, median, standard deviation, or
confidence intervals to summarize and compare the performance metrics
of each scanner.
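
The detection accuracy calculation from the "Vulnerability Detection Accuracy" criteria and the comparison and summary statistics from the "Data Analysis" and "Statistical Analysis" steps can be scripted as below. This is an added example, not code from the thesis; it assumes findings are normalised to (host, CVE) pairs, and all identifiers and repeat-run durations are constructed.

```python
"""Scoring two scanners against a known-vulnerable target (added example).

Assumptions, not taken from the thesis: findings are normalised to
(host, CVE) pairs; the ground truth is the list of flaws known to exist on
the test target; every identifier and figure below is constructed, except the
first duration in each run list (180 and 120 minutes, from Chapter 5).
"""
from dataclasses import dataclass
from statistics import mean, stdev


@dataclass(frozen=True)
class Score:
    true_pos: int   # reported and really present
    false_pos: int  # reported but not present
    false_neg: int  # present but missed

    @property
    def detection_rate(self) -> float:
        """Correctly identified vulnerabilities / total known vulnerabilities."""
        known = self.true_pos + self.false_neg
        return self.true_pos / known if known else 0.0

    @property
    def precision(self) -> float:
        """Share of reported findings that are real."""
        reported = self.true_pos + self.false_pos
        return self.true_pos / reported if reported else 0.0


def normalise(raw_findings):
    """Collapse raw (host, cve) rows into a set; drop rows without a CVE."""
    return {(h.strip(), c.strip().upper()) for h, c in raw_findings if c.strip()}


def score(reported, ground_truth):
    """Count true positives, false positives and false negatives."""
    return Score(len(reported & ground_truth),
                 len(reported - ground_truth),
                 len(ground_truth - reported))


def overlap(a, b):
    """Findings common to both scanners, unique to each, and Jaccard index."""
    union = a | b
    return {"common": len(a & b), "only_a": len(a - b), "only_b": len(b - a),
            "jaccard": len(a & b) / len(union) if union else 0.0}


def summarise(minutes):
    """Mean and sample standard deviation of repeated scan durations."""
    return mean(minutes), (stdev(minutes) if len(minutes) > 1 else 0.0)


HOST = "192.168.0.10"  # constructed address inside the thesis's VPC range
# Placeholder CVE identifiers (CVE-0000-xxxx), not real advisories.
GROUND_TRUTH = {(HOST, f"CVE-0000-000{i}") for i in range(1, 6)}

# Constructed scanner output, not the thesis's results.
NESSUS_RAW = [(HOST, "CVE-0000-0001"), (HOST, "cve-0000-0001 "),  # duplicate row
              (HOST, "CVE-0000-0002"), (HOST, "CVE-0000-0003"),
              (HOST, "CVE-0000-0004"),
              (HOST, "CVE-0000-0009"),                            # not on target
              (HOST, "")]                                         # info-only row
OPENVAS_RAW = [(HOST, "CVE-0000-0001"), (HOST, "CVE-0000-0002"),
               (HOST, "CVE-0000-0005"),
               (HOST, "CVE-0000-0008")]                           # not on target

NESSUS_RUNS = [180, 176, 184]   # minutes; the repeat runs are constructed
OPENVAS_RUNS = [120, 118, 122]


def compare():
    """Score both scanners and summarise their scan durations."""
    nessus, openvas = normalise(NESSUS_RAW), normalise(OPENVAS_RAW)
    return {
        "nessus": score(nessus, GROUND_TRUTH),
        "openvas": score(openvas, GROUND_TRUTH),
        "overlap": overlap(nessus, openvas),
        "nessus_minutes": summarise(NESSUS_RUNS),
        "openvas_minutes": summarise(OPENVAS_RUNS),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

Scoring against a ground truth separates "found more" from "found more correctly": a scanner with a longer finding list can still have lower precision once false positives are counted.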

Visualization:

• Create visual representations of the data to aid in understanding and
interpretation.

• Utilize charts, graphs, and plots to present the findings clearly and
concisely.

• Choose appropriate visualization techniques based on the type of data
and the key insights you want to convey.

Interpretation and Conclusion:

• Interpret the analysed data and draw conclusions about the performance of
Nessus and OpenVAS in the cloud environment.

• Assess the strengths and weaknesses of each scanner based on the
collected data and analysis.

• Evaluate the scanners' effectiveness, efficiency, and usability against the
defined evaluation criteria and research objectives.

Documentation:

• Document the data collection and analysis process, including the
methodology, tools used, and any assumptions or limitations.


• Present the results and findings of the comparative analysis.

• Include visualizations, tables, and supporting evidence to enhance the
clarity and credibility of the findings.

The data collection and analysis process will provide empirical evidence and
insights into the performance of Nessus and OpenVAS in the cloud environment.
The findings will help in making informed decisions and recommendations
regarding the selection and implementation of vulnerability scanners in cloud
security practices.


CHAPTER 4. IMPLEMENTATION

Cloud Environment Setup


The setup and configuration of the cloud environment using Amazon Web
Services (AWS) for conducting the comparative analysis of NESSUS and
OpenVAS vulnerability scanners are described. AWS was chosen as the cloud
platform due to its widespread adoption and comprehensive suite of services.

1. AWS Account Creation

The first step in setting up the cloud environment was the creation of an AWS
account. An existing account was used, which was associated with appropriate
permissions to provision and manage AWS resources as shown in Figure 4-1.

Figure 4-1 AWS Account Setup

2. Virtual Private Cloud (VPC) Configuration

A new Virtual Private Cloud (VPC) “vpc-0cbe0fdfc07e14fc3 / samad-vpc” was
created in the AWS account. The VPC provided the isolated network environment
in which the cloud infrastructure would be deployed. The following details were
configured:

IPv4 CIDR Block: A private IPv4 CIDR block was selected to define the IP
address range for the VPC – “192.168.0.0/24”, as shown in Figure 4-2.


Figure 4-2 Virtual Private Cloud (VPC)

3. Subnet Configuration

Within the VPC, public and private subnets were created to segregate the
resources based on their accessibility from the internet, as shown in
Figure 4-3. The following subnets were configured:

Public Subnet: The public subnet was associated with a route table that allowed
Internet access, enabling resources within this subnet to communicate with the
Internet.

Private Subnet: The private subnet was associated with a routing table that did
not have a direct internet gateway, providing an additional layer of security for
sensitive resources.

Note: the subnet was auto-assigned.

Figure 4-3 Subnet Configuration


4. Key Pair

Setting up a key pair is essential for securely accessing and connecting to
Amazon EC2 instances, as shown in Figure 4-4. The key pair consists of two
parts: a public key and a private key. The private key should be kept secret and
never shared, while the public key is used to authenticate and access the EC2
instance. The downloaded “samad-key.pem” file was used to access the
remote desktop connections to the instances.

Figure 4-4 Key Pair

5. Security Group Setup

Security Groups were used to control inbound and outbound traffic to resources
within the VPC as shown in Figure 4-5. The following security groups were
created:

Public Security Group:

This group allowed inbound SSH (Secure Shell) access from specific IP
addresses for remote management purposes.

Private Security Group:

This group was used to restrict inbound traffic only to specific ports necessary for
the operation of the cloud resources.

Inbound Rule: The rule was configured to allow all inbound traffic.

Outbound Rule: The rule was configured to also allow all outgoing traffic.

Note: Allowing all traffic is not a best practice in setting up security groups.
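
The note above can be turned into a check that compares the allow-all setting with a scoped alternative. The following is an added example, not part of the thesis: the rule data is constructed in the shape printed by `aws ec2 describe-security-groups`, the group IDs and admin address are placeholders, the source range of the allow-all rule is an assumption, and only the VPC range comes from the text.

```python
"""Flag over-permissive security-group rules (added example).

SAMPLE is constructed; it follows the shape of the JSON printed by
`aws ec2 describe-security-groups`. Group IDs and the admin address are
placeholders. VPC_CIDR is the VPC range stated in the thesis.
"""
import ipaddress

VPC_CIDR = ipaddress.ip_network("192.168.0.0/24")


def _rule(cidr, proto="-1", port=None):
    """Build one constructed IpPermissions entry ("-1" = all protocols/ports)."""
    rule = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}]}
    if port is not None:
        rule.update(FromPort=port, ToPort=port)
    return rule


SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-open",    # allow-all; source range is assumed
     "IpPermissions": [_rule("0.0.0.0/0")],
     "IpPermissionsEgress": [_rule("0.0.0.0/0")]},
    {"GroupId": "sg-EXAMPLE-scoped",  # same reach for the scanner, VPC only
     "IpPermissions": [_rule("192.168.0.0/24")],
     "IpPermissionsEgress": [_rule("192.168.0.0/24")]},
    {"GroupId": "sg-EXAMPLE-ssh",     # SSH from one admin address
     "IpPermissions": [_rule("203.0.113.10/32", "tcp", 22)],
     "IpPermissionsEgress": [_rule("0.0.0.0/0")]},
]}


def classify(direction, all_traffic, anywhere, in_vpc):
    """Map one (rule, range) pair to a severity and reason, or (None, None)."""
    if direction == "inbound":
        if anywhere and all_traffic:
            return "high", "every port reachable from any address"
        if anywhere:
            return "medium", "service exposed to any address"
        if all_traffic and not in_vpc:
            return "medium", "all ports open to a range outside the VPC"
    elif anywhere and all_traffic:
        return "low", "unrestricted egress; limit to what the host needs"
    return None, None


def audit_group(group, vpc=VPC_CIDR):
    """Return findings for one group: direction, severity, cidr, ports, reason."""
    findings = []
    for direction, key in (("inbound", "IpPermissions"),
                           ("outbound", "IpPermissionsEgress")):
        for perm in group.get(key, []):
            all_traffic = perm.get("IpProtocol") == "-1"
            ports = "all traffic" if all_traffic else (
                f'{perm["IpProtocol"]}/{perm.get("FromPort")}-{perm.get("ToPort")}')
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                anywhere = net.prefixlen == 0
                in_vpc = net.version == vpc.version and net.subnet_of(vpc)
                severity, reason = classify(direction, all_traffic, anywhere, in_vpc)
                if severity:
                    findings.append({"direction": direction, "severity": severity,
                                     "cidr": cidr, "ports": ports, "reason": reason})
    return findings


if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        print(sg["GroupId"], audit_group(sg) or "no findings")
```

The scoped group gives a scanner inside the VPC the same reach to its targets as the allow-all group while producing no findings.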


Figure 4-5 Security Groups

6. EC2 Instance Provisioning

Amazon Elastic Compute Cloud (EC2) instances were used to deploy virtual
machines in the cloud environment. Figure 4-6 shows the EC2 dashboard while
Figure 4-7 shows the instances created. The following steps were performed:

AMI Selection: An appropriate Amazon Machine Image (AMI) was selected
based on the desired operating system and configurations.

Instance Type: The EC2 instance type was chosen based on the resource
requirements and performance characteristics.

Instance Placement: Instances were deployed in both the public and private
subnets, depending on their intended use and accessibility.


Figure 4-6 Dashboard _ EC2 Management Console

Figure 4-7 EC2 Instances


Installation and Configuration of NESSUS


The NESSUS vulnerability scanner was installed on an instance within the cloud
environment. The installation process involved obtaining the latest version of
NESSUS from the official website and following the provided instructions in the
appendix. The necessary licenses and credentials were acquired to activate the
scanner and enable all features.

Figure 4-8 below shows the Nessus host (Kali OS), which has the IP address
192.168.230.131.

Figure 4-8 Nessus Host OS

Figure 4-9 Nessus Initialisation


Nessus is initialised in the Kali terminal with “systemctl start nessusd” and its
status is confirmed with “systemctl status nessusd”, as shown in Figure 4-9,
while Figure 4-10 shows the account settings.

Figure 4-10 Nessus Account

Figure 4-11 shows the Nessus Account Home Scan Templates.

Figure 4-11 Nessus Home


Configuration of NESSUS involved setting up scan policies tailored to the cloud
environment's characteristics and security requirements. This included defining
the target IP ranges, selecting the desired vulnerability checks, and specifying
scan frequency and duration. Nessus was also configured to facilitate seamless
interaction with the cloud infrastructure.

A new scan is configured with the target IP, a suitable name, and a unique
description of the scan, as shown in Figure 4-12 below.

Figure 4-12 Nessus Scan Settings

Figure 4-13 shows the Credential Tab and the Authentication method.

Figure 4-13 Nessus Scan Credentials


Figure 4-14 Nessus Scan Type

Figure 4-14 above shows the scan type for the Discovery options to
discover all vulnerabilities.

Figure 4-15 below shows the scan list; a scan is initiated by clicking on the
play button on the scan list.

Figure 4-15 Nessus Scan List


Installation and Configuration of OpenVAS


Similarly, the OpenVAS vulnerability scanner was installed on a separate EC2
instance within the cloud environment. The installation process followed the
documented procedures specific to the chosen Kali operating system.
Dependencies and prerequisites were installed to ensure a smooth installation.

Figure 4-16 OpenVAS welcome is a screenshot taken once OpenVAS was
successfully installed and configured.

Figure 4-16 OpenVAS welcome

Figure 4-17 OpenVAS SSL: because no SSL certificate is present for the
connection, the interface shows a warning alerting me that the connection is not
private.

Figure 4-17 OpenVAS SSL


The configuration of OpenVAS involved creating scan configurations that aligned
with the cloud environment's specific needs. This included defining the target
hosts, selecting the appropriate scan plugins and policies, and adjusting scan
parameters such as intensity and scan timing.

Figure 4-18 OpenVAS Home

Figure 4-18 OpenVAS Home shows the dashboard of the task and the
vulnerability Database.

Figure 4-19 OpenVAS IP Target Config shows the configuration and the scan
policy that have been set.

Figure 4-19 OpenVAS IP Target Config


Figure 4-20 OpenVAS SSH shows where the authentication is set.

Figure 4-20 OpenVAS SSH

Figure 4-21 OpenVAS Target Config shows the configurations and the scanning
parameters being set before scanning.

Figure 4-21 OpenVAS Target Config


Figure 4-22 OpenVAS Task

Figure 4-22 OpenVAS Task shows the current task/completed task.

Scanning Policies and Configurations


The scanning policies and configurations applied to NESSUS and OpenVAS are
described in detail. The purpose of this section is to outline the specific settings
and parameters used during the vulnerability assessment process, ensuring a
consistent and fair evaluation of both scanners.

OpenVAS was configured to target the same IP hosts as specified in the
NESSUS scanning policy. This ensured a consistent evaluation of vulnerabilities
across the cloud infrastructure.

Conducting Vulnerability Scans


Once NESSUS and OpenVAS were successfully installed and configured,
vulnerability scans were conducted in the cloud environment. A comprehensive
test plan was designed, outlining the specific objectives, target systems, and scan
parameters for each scanner.

Scans were executed on the designated target hosts within the cloud
environment, and the scanners' progress and results were monitored. Scan
outputs, including vulnerability reports, were collected for further analysis and
comparison.

Data Collection and Analysis


The results of the vulnerability scans performed by NESSUS and OpenVAS were
collected and recorded. Data such as scan accuracy, scan time, vulnerability
detection capabilities, and resource utilization were analysed and compared
between the two scanners.

Appropriate statistical or analytical techniques were applied to derive meaningful
insights from the collected data. The evaluation metrics defined in Chapter 3 were
used as a basis for quantitative and qualitative comparisons between NESSUS
and OpenVAS.

Overall, the implementation phase provided the necessary groundwork for the
subsequent evaluation and analysis of NESSUS and OpenVAS in the cloud
environment. The next chapter will present the findings and discussions based
on the collected data and analysis.

Challenges and Solutions


Installing and configuring Nessus and OpenVAS (Open Vulnerability Assessment
System) in a cloud environment for vulnerability scanning presents some
challenges, but these challenges were overcome with careful planning and
implementation. Here are some common challenges faced and solutions
adopted:

Network Configuration:

Challenge:

Network configurations are complex, and proper network access needs to be
established for the vulnerability scanner to reach the target systems.

Solution:

The necessary firewall rules, security groups, and network settings
were correctly configured to allow communication between the vulnerability
scanner and the target systems. Appropriate routing and networking rules were
configured to ensure seamless communication, i.e., the network is set to allow
all incoming and outgoing traffic in the same VPC.

Figure 4-23 Incoming / Outgoing Rules shows the traffic allowed on the VPC.


Figure 4-23 Incoming / Outgoing Rules

Resource Allocation:

Challenge:

Allocating sufficient resources (CPU, memory, storage) to the vulnerability
scanning tools in a cloud environment to achieve optimal performance can be
challenging.

Figure 4-24 AWS Bill


Solution:

Monitor the resource utilization of the scanners and adjust the resource allocation
as needed. Cloud providers often offer auto-scaling and resource management
tools that can help ensure that the scanners have the resources they need.

Authentication and Credentials:

Challenge:

Providing proper authentication and credentials for scanning various cloud-based
services and resources can be complex.

Solution:

Use IAM (Identity and Access Management) roles and permissions provided by
your cloud provider to grant necessary access to the scanners. Store credentials
securely using cloud-native secrets management services or encrypted key
stores, as shown in Figure 4-25 IAM Dashboard.

Figure 4-25 IAM Dashboard


CHAPTER 5. RESULTS AND DISCUSSION

Vulnerability Detection:
The Nessus scanner successfully identified 769 vulnerabilities across the target
environment. Its extensive vulnerability database contributed to the
comprehensive detection of various security issues. OpenVAS detected
404 vulnerabilities, exhibiting a slightly narrower coverage compared
to Nessus. This may be attributed to differences in the vulnerability databases or
detection algorithms. Among the 769 vulnerabilities detected by Nessus, 310 were
identified as common vulnerabilities shared with OpenVAS, which indicates a
significant overlap in their detection capabilities. Nessus uniquely detected 459
vulnerabilities that were not found by OpenVAS. This suggests that Nessus might
excel in identifying certain types of vulnerabilities or have a more expansive
vulnerability database, as shown in Table 5-1 Vulnerability Detected below.

Severity   Nessus Results   OpenVAS Results   CVSS 2 Severity Scale
0          206              113               None/Info
1          4                1                 Low
2          22               11                Low
3          5                3                 Low
4          65               34                Medium
5          85               80                Medium
6          112              57                Medium
7          129              60                High
8          66               10                High
9          37               18                Critical
10         38               17                Critical

Table 5-1 Vulnerability Detected


Figure 5-1 Result by Number of Vulnerabilities and Figure 5-2 Pie Chart
Comparison show the scan differences in chart form.

[Bar chart: Result by CVSS. Horizontal axis: CVSS score 0 to 10; vertical axis: 0 to 250; series: Nessus Results, OpenVAS Results.]

Figure 5-1 Result by Number of Vulnerabilities

[Pie charts: Nessus Vulnerability Detection (slices 1 to 5: 27%, 4%, 34%, 25%, 10%) and OpenVAS Vulnerability Detection (slices 1 to 5: 28%, 4%, 42%, 17%, 9%).]

Figure 5-2 Pie Chart Comparison


Vulnerability Severity Classification


Vulnerability severity classification by CVSS 2 between Nessus and OpenVAS
highlights their similar capabilities in identifying and categorizing vulnerabilities
based on potential impact as shown in Table 5-2 Vulnerability Severity
Classification and Figure 5-3 Vulnerability Severity Classification. While there
were differences in the number of vulnerabilities detected within each severity
level, both tools demonstrated competency in detecting vulnerabilities ranging
from information disclosures to critical system compromises.

Severity   Nessus   OpenVAS
Info       206      113
Low        31       15
Medium     262      171
High       195      70
Critical   75       35

Table 5-2 Vulnerability Severity Classification

[Bar chart: Vulnerability Severity Classification. Categories: Info, Low, Medium, High, Critical; vertical axis: 0 to 300; series: NESSUS, OpenVAS.]

Figure 5-3 Vulnerability Severity Classification


Scanning Duration
Nessus exhibited a longer scanning time of 180 minutes, which allowed for a
more thorough exploration of the target environment and in-depth vulnerability
detection. OpenVAS, with a scanning time of 120 minutes, demonstrated its
efficiency in identifying vulnerabilities within a shorter duration, as shown in
Figure 5-4 Scanning Duration.

[Bar chart: Scan Speed. Axis: Scan Speed (minutes), 0 to 200; bars: OpenVAS 120, NESSUS 180.]

Figure 5-4 Scanning Duration

Support and Documentation


Nessus: The commercial version of Nessus is known for its accuracy and
performance. It has a large vulnerability database and is regularly updated to
include the latest threats and vulnerabilities. (deRito et al., 2022)

OpenVAS: OpenVAS also offers accurate vulnerability scanning, but it might be
perceived as slightly slower compared to Nessus, especially in larger network
environments. (deRito et al., 2022)

Reporting Capabilities
Both Nessus and OpenVAS aim to provide users with comprehensive and
customizable reporting capabilities to effectively communicate vulnerability
information and guide remediation efforts. (khounborinne, 2023)


CHAPTER 6. CONCLUSION, RECOMMENDATION AND FUTURE WORKS

Conclusion
The assessment of vulnerability scanning capabilities encompassing network
scanning, web application scanning, and configuration assessment revealed that
Nessus excels in uncovering a broader spectrum of vulnerabilities, demonstrating
its prowess in comprehensive analysis. Meanwhile, OpenVAS's shorter scanning
time offers a compelling advantage for time-sensitive scenarios, ensuring swift
insights into potential risks, which is particularly valuable for agile cloud
operations.

Both scanners were evaluated for their effectiveness and accuracy in detecting
known vulnerabilities, including common threats like SQL injection, XSS, and
insecure configurations. Nessus and OpenVAS exhibited competency in
identifying these vulnerabilities, showcasing their relevance in safeguarding cloud
environments from prevalent risks.

Furthermore, the performance and scalability assessment considered scanning
speed, resource utilization, and the ability to handle large-scale environments.
While Nessus demonstrated a deeper vulnerability discovery capability,
OpenVAS showcased its efficiency in rapidly assessing vulnerabilities, catering
to scenarios where speed is paramount.

Usability and user interface evaluations emphasized the importance of
installation, configuration, and management ease. Both Nessus and OpenVAS
provided user-friendly interfaces, with Nessus offering a more comprehensive
range of documentation, support, and user resources.

The reporting capabilities of the scanners were thoroughly assessed, focusing on
report comprehensiveness, clarity, customization, and actionable
recommendations. Nessus and OpenVAS both proved adept at generating
informative reports, aiding organizations in making informed decisions for
vulnerability remediation strategies.


In summary, the comparative analysis highlights that while Nessus discovers a
higher number of vulnerabilities, OpenVAS's shorter scanning time offers an
efficient solution for rapid vulnerability assessment. Organizations must weigh the
trade-offs between comprehensive analysis and scanning speed, aligning their
choice between Nessus and OpenVAS with their unique cloud security objectives
and operational requirements.

Recommendation
Based on the comprehensive comparative analysis conducted between Nessus
and OpenVAS, organizations seeking an effective security vulnerability scanner
should consider a thorough evaluation tailored to their specific requirements and
infrastructure. To facilitate an informed decision-making process, I recommend
undertaking a comprehensive comparative analysis of various vulnerability
scanners, encompassing the following aspects:

➢ Diverse Scanning Capabilities: Evaluate the range and depth of
vulnerability scanning capabilities offered by different scanners, including
network scanning, web application scanning, and configuration
assessment. Prioritize scanners that align closely with your organization's
technological landscape and potential threat vectors.
➢ Effectiveness and Accuracy: Assess the effectiveness and accuracy of
scanners in detecting known vulnerabilities, such as common threats like
SQL injection, XSS, and insecure configurations. This evaluation will
gauge the scanner's ability to safeguard your systems from prevalent risks.
➢ Performance and Scalability: Measure the performance and scalability
of scanners, considering factors like scanning speed, resource utilization,
and the ability to handle large-scale environments. A scanner's efficiency
in analysing vulnerabilities while accommodating your infrastructure's
growth is pivotal.
➢ Usability and User Interface: Evaluate the usability and user interface of
scanners, focusing on aspects such as installation, configuration, and
management ease. Select scanners that offer intuitive interfaces and
comprehensive documentation to streamline deployment and ongoing
usage.
➢ Reporting Capabilities: Thoroughly assess the reporting capabilities of
scanners, emphasizing the comprehensiveness, clarity, customization,
and actionable recommendations provided in generated reports. Effective
reporting will empower your organization to make informed decisions and
prioritize vulnerability remediation efforts.
➢ Vendor Support and Community: Consider the availability of vendor
support resources, such as customer assistance and technical guidance,
as well as the presence of an active user community. Engaging with a
supportive ecosystem can significantly enhance your experience with the
chosen vulnerability scanner.

By conducting a comprehensive comparative analysis based on these
recommendations, organizations can confidently select a security vulnerability
scanner that aligns with their unique requirements, infrastructure, and strategic
objectives. This proactive approach ensures the adoption of an optimal scanner
that not only detects vulnerabilities effectively but also enhances the overall
security posture of the organization in the dynamic landscape of cloud
environments.

Future works
Building upon the current comparative analysis of Nessus and OpenVAS in a
cloud environment, several avenues for future research and exploration can
further enhance the understanding of vulnerability scanners and their applicability
to modern security challenges:

• Advanced Vulnerability Types: Investigate the scanners' capabilities in
detecting advanced and evolving vulnerability types, such as zero-day
exploits, supply chain vulnerabilities, and hardware-based attacks. This
future work could shed light on the scanners' adaptability to emerging
threats.
• Cloud-Native Vulnerabilities: Focus on vulnerabilities specific to
cloud-native environments, such as misconfigurations in serverless
architectures, container vulnerabilities, and API security. Assess how
different scanners address these unique challenges.
• Machine Learning and AI Integration: Explore the integration of machine
learning and artificial intelligence techniques into vulnerability scanners to
enhance accuracy, reduce false positives, and identify anomalies that
might not be easily detected by traditional means.
• Real-time Monitoring and Mitigation: Investigate the feasibility of real-time
vulnerability monitoring and automated mitigation using vulnerability
scanners. This could involve developing workflows and integrations with
existing security tools to enhance incident response capabilities.
• Integration with DevOps and CI/CD Pipelines: Explore the integration of
vulnerability scanners within DevOps and continuous
integration/continuous deployment (CI/CD) pipelines, enabling automated
vulnerability assessments as part of the development lifecycle.
• Multi-Cloud Environments: Extend the analysis to multi-cloud
environments, evaluating how vulnerability scanners perform across
different cloud providers and hybrid cloud scenarios.

Future research in these areas would help us understand vulnerability scanners'
capabilities, how well they match up with changing security concerns, and
whether they can be effective protection in cloud environments and other settings.

Reflection
Undertaking the comparative analysis of Nessus and OpenVAS in a cloud
environment has been an enlightening and thought-provoking experience. The
complexity and changing nature of the cybersecurity ecosystem became clear
when I dug more into the nuances of these vulnerability scanners. My awareness
of vulnerability management has grown as a result of the study, which also
brought to light the crucial function that these tools have in securing contemporary
IT infrastructures.

Through this analysis, I've come to appreciate the nuanced trade-offs that
organizations must consider when selecting a vulnerability scanner. While
Nessus demonstrated a remarkable ability to uncover a wide range of
vulnerabilities, OpenVAS's shorter scanning time showcased the importance of
swift insights in fast-paced cloud environments. This realization has reinforced
the idea that security strategies must align with the specific goals and constraints
of an organization, ensuring an optimal balance between thorough analysis and
operational efficiency.

Furthermore, the process of conducting this analysis emphasized the significance
of staying updated with the latest advancements in the field. The rapid evolution
of vulnerabilities, coupled with the emergence of new threat vectors, underscores
the ongoing need for continuous research and adaptation. As I consider the
potential future directions outlined, including exploring advanced vulnerability
types and integrating machine learning, I'm reminded of the ever-evolving nature
of cybersecurity and the imperative to stay at the forefront of innovation.

Finally, this comparative research has expanded my knowledge of vulnerability
scanners while also highlighting the value of making informed choices when it
comes to cybersecurity. My desire to understand more about vulnerability
management's complexity and to support ongoing efforts to improve internet
security has been stoked by this. I'm honoured to be a member of a group that
strives to protect and build our digital society as new risks emerge as technology
advances.

University of Bolton 75
Master’s Thesis
Main Report

REFERENCES
Ademowo, A., 2010. Testing Mail Server Vulnerabilities and Recommending Control
Measures: A Case of Interglobal Limited.

Antrobus, R., Frey, S., Green, B. and Rashid, A., 2016, October. Simaticscan: Towards
a specialised vulnerability scanner for industrial control systems. In 4th International
Symposium for ICS & SCADA Cyber Security Research 2016 4 (pp. 11-18).

Arambatzis, T., Lazaridis, I. and Pouros, S., 2015, September. Modern Windows
Operating Systems Vulnerabilities. In The Second International Conference on
Information Security and Digital Forensics (ISDF2015) (p. 53).

Araújo, R., Pinto, A. and Pinto, P., 2021, June. A performance assessment of free-to-
use vulnerability scanners revisited. In ICT Systems Security and Privacy Protection:
36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021,
Proceedings (pp. 53-65). Springer International Publishing.

Chalvatzis, I., Karras, D.A., and Papademetriou, R.C., 2020. Reproducible modelling and
simulating security vulnerability scanners evaluation framework towards risk
management assessment of small and medium enterprises business networks. Indian J.
Sci. Technol, 13(37), pp.3910-3943.

Chen, A. and Zhang, Z., 2021, September. A Comparative Study of Credentialed


Vulnerability Scanning and Non-credentialed Vulnerability Scanning. In 2021 IEEE Intl
Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud
Computing, Sustainable Computing & Communications, Social Computing & Networking
(ISPA/BDCloud/SocialCom/SustainCom) (pp. 1613-1616). IEEE.

Daud, N.I., Bakar, K.A.A. and Hasan, M.S.M., 2014, August. A case study on web
application vulnerability scanning tools. In 2014 Science and Information
Conference (pp. 595-600). IEEE.

do Castelo, V., 2021, June. A Performance Assessment of Free-to-Use Vulnerability


Scanners-Revisited. In ICT Systems Security and Privacy Protection: 36th IFIP TC 11
International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021,
Proceedings (Vol. 625, p. 53). Springer Nature.

Download Tenable Nessus vulnerability assessment (no date) Tenable®. Available at:
https://www.tenable.com/products/nessus (Accessed: 26 June 2023).

University of Bolton 76
Master’s Thesis
Main Report

Erturk, E. and Rajan, A., 2017. Web Vulnerability Scanners: A Case Study. arXiv preprint
arXiv:1706.08017.

Fall, D. and Kadobayashi, Y., 2019. The common vulnerability scoring system vs. rock
star vulnerabilities: Why the discrepancy? ICISSP, pp.405-411.

Grobauer, B., Walloschek, T. and Stocker, E., 2010. Understanding cloud computing
vulnerabilities. IEEE Security & Privacy, 9(2), pp.50-57.

Harrell, C.R., Patton, M., Chen, H. and Samtani, S., 2018, November. Vulnerability
assessment, remediation, and automated reporting: Case studies of higher education
institutions. In 2018 IEEE International Conference on Intelligence and Security
Informatics (ISI) (pp. 148-153). IEEE.

Hoffman, J. (n.d.). OpenVAS vs. Nessus: How Different are the Two? [online]
WisdomPlexus. Available at: https://wisdomplexus.com/blogs/openvas-vs-nessus/.
Holm, H., Sommestad, T., Almroth, J. and Persson, M., 2011. A quantitative evaluation
of vulnerability scanning. Information Management & Computer Security, 19(4), pp.231-
247.

Howland, H., 2023. Cvss: Ubiquitous and broken. Digital Threats: Research and
Practice, 4(1), pp.1-12.

Ibidapo, A.O., Zavarsky, P., Lindskog, D. and Ruhl, R., 2011, October. An analysis of
CVSS v2 environmental scoring. In 2011 IEEE Third International Conference on
Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on
Social Computing (pp. 1125-1130). IEEE.

Jetty, S., 2018. Network Scanning Cookbook: Practical Network Security Using Nmap
and Nessus 7.

Kejiou, A. and Bekaroo, G., 2022, October. A review and comparative analysis of
vulnerability scanning tools for wireless LANs. In 2022 3rd International Conference on
Next Generation Computing Applications (NextComp) (pp. 1-6). IEEE.

Khounborine, C., 2023. A Survey and Comparative Study on Vulnerability Scanning


Tools.

Mell, P. and Scarfone, K., 2007. Improving the common vulnerability scoring system. IET
Information Security, 1(3), pp.119-127.

University of Bolton 77
Master’s Thesis
Main Report

Mell, P., Scarfone, K. and Romanosky, S., 2006. Common vulnerability scoring
system. IEEE Security & Privacy, 4(6), pp.85-89.

Mell, P., Scarfone, K. and Romanosky, S., 2007, June. A complete guide to the common
vulnerability scoring system version 2.0. In Published by the FIRST forum of incident
response and security teams (Vol. 1, p. 23).

Nessus vs. openvas advantages and disadvantages explained (2019) Learn Ethical
Hacking and Penetration Testing Online. Available at:
https://www.hackingloops.com/nessus-vs-openvas. (Accessed: 21 July 2023).

Nowak, M., Walkowski, M. and Sujecki, S., 2021, September. Conversion of CVSS Base
Score from 2.0 to 3.1. In 2021 International Conference on Software,
Telecommunications and Computer Networks (SoftCOM) (pp. 1-3). IEEE.

Pandey, S. and Chaudhary, A., 2022. Vulnerability Scanning.

Rahalkar, S. and Rahalkar, S., 2019. OpenVAS. Quick Start Guide to Penetration
Testing: With NMAP, OpenVAS and Metasploit, pp.47-71.

Schiffman, M., Wright, A., Ahmad, D. and Eschelbeck, G., 2004. The common
vulnerability scoring system. National Infrastructure Advisory Council,
Vulnerability Disclosure Working Group, Vulnerability Scoring Subgroup.
Schiffman, M., Wright, A., Ahmad, D. and Eschelbeck, G., 2004. The common
vulnerability scoring system. National Infrastructure Advisory Council, Vulnerability
Disclosure Working Group, Vulnerability Scoring Subgroup.

Spring, J., Hatleback, E., Householder, A., Manion, A. and Shick, D., 2021. Time to
Change the CVSS? IEEE Security & Privacy, 19(2), pp.74-78.

Tundis, A., Mazurczyk, W. and Mühlhäuser, M., 2018, August. A review of network
vulnerabilities scanning tools: types, capabilities, and functions. In Proceedings of the
13th International Conference on Availability, Reliability and Security (pp. 1-10).

Xia, Y., Liu, C. and Yu, K., 2020, February. Design and Implementation of Vulnerability
Scanning Tools for Intelligent Substation Industrial Control System Based on Openvas.
In IOP Conference Series: Earth and Environmental Science (Vol. 440, No. 4, p.
042031). IOP Publishing.

BIBLIOGRAPHY

University of Bolton 78
Master’s Thesis
Main Report

Gilbert, K. and Caudill, B., 2019. Hands-on Aws penetration testing with Kali Linux: Set
up a virtual lab and pentest major Aws services, including EC2, S3, Lambda, and
CloudFormation. Packt Publishing Ltd.
Harrison, L., Spahn, R., Iannacone, M., Downing, E., and Goodall, J.R., 2012, October.
Nv: Nessus vulnerability visualization for the web. In Proceedings of the Ninth
International Symposium on Visualization for Cyber Security (pp. 25-32).
Holik, F., Horalek, J., Marik, O., Neradova, S. and Zitta, S., 2014, November. Effective
penetration testing with Metasploit framework and methodologies. In 2014 IEEE 15th
International Symposium on Computational Intelligence and Informatics (CINTI) (pp.
237-242). IEEE.
Hu, Y., Sulek, D., Carella, A., Cox, J., Frame, A., Cipriano, K. and Wang, H.X., 2016.
Efficient Distributed Vulnerability Assessment by Utilizing Miniaturized Computers.
Indu, I., Anand, P.R. and Bhaskar, V., 2018. Identity and access management in a cloud
environment: Mechanisms and challenges. Engineering Science and Technology, an
international journal, 21(4), pp.574-588.
Lerida, J.L., Grackzy, S.M., Vina, A. and Andujar, J.M., 1999, October. Detecting security
vulnerabilities in remote TCP/IP networks: an approach using security scanners.
In Proceedings IEEE 33rd Annual 1999 International Carnahan Conference on Security
Technology (Cat. No. 99CH36303) (pp. 446-460). IEEE.
Malik, N. and Kamboj, S., 2022, October. Cyber security issues and challenges
comparative study. In AIP Conference Proceedings (Vol. 2555, No. 1). AIP Publishing.
Mburano, B. and Si, W., 2018, December. Evaluation of web vulnerability scanners
based on owasp benchmark. In 2018 26th International Conference on Systems
Engineering (ICSEng) (pp. 1-6). IEEE.
Nowak, M.R., Walkowski, M. and Sujecki, S., 2023. Support for the Vulnerability
Management Process Using Conversion CVSS Base Score 2.0 to 3. x. Sensors, 23(4),
p.1802.
Vimala, K. and Fugkeaw, S., 2022, January. VAPE-BRIDGE: Bridging OpenVAS Results
for Automating Metasploit Framework. In 2022 14th International Conference on
Knowledge and Smart Technology (KST) (pp. 69-74). IEEE.
Ylonen, T., 1996, July. SSH–secure login connections over the Internet. In Proceedings
of the 6th USENIX Security Symposium (Vol. 37, pp. 40-52).

University of Bolton 79
Master’s Thesis
Main Report

APPENDIX
Appendix A: Gantt Chart

Figure: Gantt chart of the project schedule (time axis from 2023-01-01 to
2023-09-08, with ticks at 2023-02-20, 2023-04-11, 2023-05-31 and 2023-07-20;
legend: Start Date, Duration). Tasks listed in the chart:

• Research and Literature Review
• Define Evaluation Criteria
• Cloud Environment Setup
• Installation and Configuration of Nessus
• Installation and Configuration of OpenVAS
• Selection of Test Cases and Vulnerabilities
• Data Collection and Analysis
• Comparative Analysis
• Results and Findings
• Conclusion and Recommendations
• Finalize Thesis and Writing
• Revision and Proofreading
• Submission
• Viva Presentation

Appendix B: Detailed Configuration Steps for Nessus


Installing Nessus on Kali Linux involves a few steps, including downloading the
Nessus package, installing dependencies, and setting up the software. Here's a
detailed guide to installing Nessus on Kali Linux:

1. Download Nessus:

Go to the Tenable website and sign up for an account. Once you have an
account, log in and navigate to the Nessus download page via
https://www.tenable.com/downloads?loginAttempted=true.

Figure 6-1 Nessus Download

2. Select the Appropriate Package:

Choose the appropriate package for your system. Since you're using Kali
Linux, you'll likely want to download the Debian package (`.deb`).

Figure 6-2 Download

3. Download the Package:

Use `wget` to download the Nessus package. Open a terminal and enter the
following command:

wget https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.5.3-debian10_amd64.deb

Figure 6-3 Download ls

4. Install Dependencies:

Nessus may have some dependencies that need to be installed. Run the
following command to ensure you have all the necessary packages:

sudo apt update

5. Install Nessus:

Once the package is downloaded, you can install it using `dpkg`:

sudo dpkg -i Nessus-10.5.3-debian10_amd64.deb

6. Start the Nessus Service:

After installation, start the Nessus service using the following command:

sudo systemctl start nessusd

Figure 6-4 Nessus Start

7. Access the Web Interface:

Open a web browser and navigate to `https://localhost:8834`. You might
encounter a security warning since the Nessus SSL certificate is self-signed.
Accept the warning and proceed.

Figure 6-5 Nessus SSL

8. Set Up Nessus:

Activation: You will need to activate Nessus using the activation code you
received during the registration process. Follow the on-screen instructions to
activate Nessus.

Figure 6-6 Nessus activation reg.

Create a User: Once activated, you'll be prompted to create a Nessus user
account. Follow the instructions to set up a username and password.

9. Log In to Nessus:

Once you've completed the setup, log in to the Nessus web interface using the
credentials you just created.

Figure 6-7 Nessus Login

Figure 6-8 Nessus Interface
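
The download and install steps above (steps 3 to 6) can be gated on an integrity check before `dpkg -i` runs with root privileges. The script below is an added example, not part of the original report or of Tenable's documentation: `EXPECTED_SHA256` is a placeholder for a checksum obtained from the vendor, and the function names and the `nessus`/`amd64` control-field values are assumptions.

```shell
#!/bin/sh
# Added example (not from the report): gate the Nessus install on integrity checks.
PKG="Nessus-10.5.3-debian10_amd64.deb"                    # file name used on this page
EXPECTED_SHA256="REPLACE_WITH_PUBLISHED_SHA256"           # placeholder, not a real digest

# verify_sha256 FILE WANT: 0 only if FILE exists and its SHA-256 equals WANT.
verify_sha256() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')             # compare case-insensitively
    # Reject anything that is not 64 hex digits, e.g. the unedited placeholder.
    if ! printf '%s' "$want" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "expected value is not a SHA-256 hex digest" >&2
        return 2
    fi
    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 3
    fi
    got=$(sha256sum "$file" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $file (got $got)" >&2
        return 1
    fi
    return 0
}

# check_deb_metadata FILE PKGNAME ARCH: 0 only if the control fields match.
check_deb_metadata() {
    pkg=$(dpkg-deb --field "$1" Package) || return 1
    arch=$(dpkg-deb --field "$1" Architecture) || return 1
    [ "$pkg" = "$2" ] && [ "$arch" = "$3" ]
}

# Steps 5 and 6 of the guide, run only after both checks pass.
install_nessus() {
    verify_sha256 "$PKG" "$EXPECTED_SHA256" || return 1
    # "nessus" and "amd64" are assumed control-field values for this package.
    check_deb_metadata "$PKG" nessus amd64 || {
        echo "unexpected package metadata in $PKG" >&2
        return 1
    }
    sudo dpkg -i "$PKG" || return 1
    sudo systemctl start nessusd || return 1
    systemctl is-active --quiet nessusd                   # non-zero if the service failed
}

# Run the install only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--install" ]; then
    install_nessus
fi
```

Run with `--install` from the directory holding the downloaded package; with the placeholder left in place the script stops before anything is installed.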

Appendix C: Detailed Configuration Steps for OpenVAS


A fully configured OpenVAS was downloaded from
https://files.greenbone.net/download/VM/gsm-trial-20.08.4.iso and was imported
into my provisioned instance.

Figure 6-9 OpenVAS Login

Appendix D: Test Cases and Vulnerabilities Used in the Study


The OWASP (Open Web Application Security Project) provides a collection of
vulnerable virtual machines (VMs) designed for security testing and learning
purposes. These VMs are intentionally configured with various vulnerabilities to
help individuals practice and improve their web application security skills. One
popular OWASP vulnerable VM is the OWASP Web Security Testing VM.

Figure 6-10 Nessus Login

Appendix E: Scanning Results


Nessus
Severity Base: CVSS v3.0

Figure 6-11 Nessus CVSS3

Severity Base: CVSS v2.0

Figure 6-12 Nessus CVSS 2

Figure 6-13 Nessus CVSS 2b

OpenVAS

Figure 6-14 OpenVAS Result 1

Figure 6-15 OpenVAS Result 2
