Understanding Vulnerability Management with Nessus and OpenVAS


Vulnerability management, Nessus, and OpenVAS are tools and concepts that appear constantly in cybersecurity. Before working through this section of the Threat and Vulnerability Management module, I understood that vulnerability scanners could identify security weaknesses. What I did not fully understand was how security teams actually use those findings to reduce risk.

This exercise helped me move beyond simply running scans. Instead, I began thinking like a SOC analyst responsible for reviewing findings, prioritizing remediation efforts, and communicating risk to stakeholders.

While Nessus and OpenVAS are different products, they ultimately support the same objective: identifying vulnerabilities before attackers can exploit them.

This write-up documents my experience using both platforms and the lessons I learned about vulnerability management.


Understanding the Goal of Vulnerability Management

Before touching any scanner, I wanted to understand the purpose of vulnerability management.

A common misconception is that vulnerability management is about finding vulnerabilities.

In reality, vulnerability management is about reducing risk.

Organizations often have thousands of vulnerabilities present across servers, workstations, applications, and network devices. Security teams cannot fix everything at once.

The challenge becomes:

  • Which vulnerabilities matter most?
  • Which systems are affected?
  • Which findings create the highest business risk?
  • Which issues should be remediated first?

This is where vulnerability management becomes a business process rather than a technical scan.


Phase 1: Learning Nessus

The Nessus room introduced me to one of the most widely used vulnerability scanners in the industry.

During the exercise, I learned how Nessus identifies:

  • Missing patches
  • Misconfigurations
  • Known CVEs
  • Insecure services
  • Outdated software

Rather than manually reviewing every system, Nessus automates the process and provides a structured report of discovered weaknesses.

At first, I was impressed by how much information a single scan could generate.

However, I quickly realized that the real challenge begins after the scan completes.

Finding vulnerabilities is easy.

Deciding which vulnerabilities deserve immediate attention is much harder.


Understanding Severity Ratings

One of the most important concepts introduced during the Nessus room was vulnerability severity.

Each vulnerability receives a severity level based on potential impact.

Common categories include:

  • Critical
  • High
  • Medium
  • Low

These ratings often rely on CVSS scores.

Initially, I viewed these numbers as simple ratings.

As the exercises progressed, I learned that severity helps determine remediation priority.

For example:

A critical remote code execution vulnerability exposed to the internet may require immediate action.

A low-severity informational finding may simply be documented and reviewed later.

This distinction is critical in real-world environments where resources are limited.


Phase 2: Thinking Like a Vulnerability Analyst

The practical exercises shifted my perspective.

Instead of asking:

What vulnerabilities exist?

I started asking:

Which vulnerabilities present the highest risk?

This mindset change is important.

An analyst reviewing a report containing fifty findings should not spend equal time on every entry.

They should focus on vulnerabilities that:

  • Enable remote code execution
  • Allow privilege escalation
  • Affect critical systems
  • Have known exploitation activity

This approach helps security teams prioritize remediation efforts effectively.


Phase 3: OpenVAS and Practical Vulnerability Assessment

After Nessus, I moved into OpenVAS.

Initially, I expected OpenVAS to feel completely different.

Instead, I discovered that both platforms share the same fundamental purpose.

OpenVAS is an open-source vulnerability scanner that identifies security weaknesses and produces reports similar to Nessus.

The practical exercise required analyzing a vulnerability report rather than performing a scan.

This felt significantly more realistic.

In many organizations, analysts spend more time reviewing reports than launching scans.

The report contained several findings across multiple ports and services.

My objective was to identify:

  • Open services
  • Vulnerability severity
  • Affected systems
  • Detection methods
  • Remediation recommendations

Case Study: MS17-010

The most significant finding within the report was:

MS17-010

The report identified a missing Microsoft security update affecting SMB.

Further analysis revealed:

  • High severity
  • CVSS score of 9.3
  • Potential for remote code execution
  • Significant business risk

This vulnerability became globally known because it was associated with the EternalBlue exploit and the WannaCry ransomware outbreak.

At this point, the vulnerability report stopped being theoretical.

I immediately understood why analysts prioritize certain findings over others.

While the report contained several medium and low-severity issues, MS17-010 represented the most urgent risk.


Reviewing Additional Findings

Beyond MS17-010, the report identified:

Weak SSL/TLS Cipher Suites

The system accepted weak cryptographic ciphers.

Potential impact:

  • Reduced encryption strength
  • Increased susceptibility to interception attacks

Weak Certificate Signature Algorithms

Certificates were signed using SHA-1.

Potential impact:

  • Reduced cryptographic trust
  • Browser trust warnings

Service Enumeration Findings

RPC services exposed information that could assist attackers during reconnaissance.

Potential impact:

  • Increased attacker visibility into the environment

Although these findings were important, they did not require the same urgency as the SMB vulnerability.

This reinforced the importance of prioritization.
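The ranking logic described in Phase 2 and applied to the findings above, as an added Python example that is not part of the original write-up or of either scanner. It scores a constructed set of findings modelled on the report (MS17-010 with its 9.3 score, weak ciphers, SHA-1 certificate, RPC enumeration) by severity, known exploitation, exposure and asset criticality; the weights, the host, and the CVSS values for the three lesser findings are assumptions.

```python
"""Triage helper: rank scanner findings by risk, not by report order."""
from dataclasses import dataclass


@dataclass
class Finding:
    name: str
    host: str
    port: int
    cvss: float             # base score as reported by the scanner
    rce: bool               # finding enables remote code execution
    exploited: bool         # known exploitation activity in the wild
    internet_facing: bool   # service reachable from the internet
    asset_criticality: int  # 1 (low) .. 3 (business-critical); assumed from asset inventory


def severity_band(cvss: float) -> str:
    """CVSS v2 qualitative bands (the report's 9.3 is rated High under v2)."""
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low"


def risk_score(f: Finding) -> float:
    """Severity first, then context: exploitation, RCE, exposure, asset value.

    The additive weights are assumed values for illustration, not a standard."""
    score = f.cvss
    if f.exploited:
        score += 3.0   # active exploitation is the strongest signal for urgency
    if f.rce:
        score += 2.0
    if f.internet_facing:
        score += 1.5
    return round(score * f.asset_criticality, 1)


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Return findings ordered highest risk first."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample modelled on the findings in this write-up (host is a placeholder).
SAMPLE = [
    Finding("MS17-010 missing SMB update", "192.0.2.10", 445, 9.3, True, True, True, 3),
    Finding("Weak SSL/TLS cipher suites", "192.0.2.10", 443, 5.3, False, False, True, 3),
    Finding("SHA-1 certificate signature", "192.0.2.10", 443, 4.3, False, False, True, 3),
    Finding("RPC service enumeration", "192.0.2.10", 135, 5.0, False, False, False, 3),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{risk_score(f):5.1f}  {severity_band(f.cvss):6}  {f.host}:{f.port}  {f.name}")
```

Run as a script it prints the findings from most to least urgent, with MS17-010 far ahead of the cryptographic and enumeration findings even though all sit on the same host.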


What I Found Challenging

The biggest challenge was not understanding the scanners.

The challenge was understanding the findings.

At first, vulnerability reports appeared overwhelming.

Large reports can contain dozens or hundreds of entries.

It is easy to become distracted by the volume of information.

What helped was focusing on:

  • Severity
  • Impact
  • Exploitability
  • Business risk

Once I began thinking from that perspective, the reports became much easier to interpret.


Key Lessons Learned

Vulnerability Management Is About Risk

Finding vulnerabilities is only the beginning.

The objective is reducing organizational risk.

Nessus and OpenVAS Serve Similar Purposes

Both platforms identify vulnerabilities and support remediation efforts.

Severity Helps Drive Prioritization

Critical vulnerabilities deserve immediate attention.

Not all findings require the same response.

Reports Matter More Than Scans

Security teams spend significant time reviewing findings, validating results, and planning remediation.

Context Is Essential

A vulnerability's severity score should always be considered alongside business impact.


Analyst Report Summary

Assessment Overview

A vulnerability assessment was conducted using vulnerability management tools to identify weaknesses within the target environment.

Significant Findings

  • Critical SMB vulnerability (MS17-010)
  • Weak SSL/TLS cipher suites
  • Weak certificate signature algorithms
  • Service enumeration exposure

Risk Assessment

The highest risk finding was MS17-010 due to the potential for remote code execution and known exploitation history.

Recommended Actions

  1. Apply missing Microsoft security updates.
  2. Remove or disable weak cryptographic ciphers.
  3. Replace SHA-1 certificates with SHA-2 equivalents.
  4. Limit unnecessary exposed services.
  5. Conduct follow-up validation scans.

Verification

Rescan systems after remediation to verify successful mitigation.


Conclusion

This exercise helped me understand that vulnerability management is far more than running Nessus or OpenVAS scans.

The true value comes from interpreting results, prioritizing remediation efforts, and communicating risk effectively.

Nessus provided insight into enterprise vulnerability scanning, while OpenVAS demonstrated how analysts evaluate and validate findings in practice.

The biggest lesson was simple:

Finding vulnerabilities is easy.

Knowing which vulnerabilities matter most is where real vulnerability management begins.
