Qualys, Inc. announced the availability of a free network scanning service to help companies find and eliminate vulnerabilities listed in the annual SANS Top 20 update for 2006 that was announced earlier today.
The SANS Top 20 is designed by the SANS Institute and security experts from industry and government to provide organizations with a prioritized list of newly discovered exposures to their networks. Qualys’ free scan for the 2006 SANS Top 20 is available at .
“Our list of the top 20 vulnerabilities does no good at all unless companies discover whether their computers can be compromised and fix the ones that have the vulnerabilities,” said Alan Paller, director of research, SANS. “I have been enormously appreciative of Qualys, both for helping to research the Top 20, and for making a free testing tool available that tells businesses and government agencies whether their systems are vulnerable to the Top 20.”
In addition to identifying vulnerabilities in the Windows and UNIX categories, this year’s Top 20 demonstrates a shift from server-side to client-side vulnerabilities, includes categories for zero-day vulnerabilities, and highlights the most important exploitable vulnerabilities in Microsoft Office and Web applications. These changes further reflect the increase in exploits for malicious or personal gain, such as phishing attacks targeting military and government contractor sites.