Performing Vulnerability Scanning with Nessus

When to Use

• Conducting initial vulnerability assessment during the reconnaissance phase of a penetration test
• Performing periodic vulnerability scans to maintain compliance with PCI-DSS (requirement 11.2), HIPAA, or SOC 2 standards
• Validating that remediation efforts have successfully addressed previously identified vulnerabilities
• Establishing a baseline of known vulnerabilities before targeted manual exploitation
• Auditing patch compliance and configuration drift across server and workstation fleets

Do not use as a substitute for manual penetration testing, against systems without written authorization, or against fragile systems (medical devices, legacy SCADA) where scanning may cause service disruption.

Prerequisites

• Tenable Nessus Professional or Nessus Expert with current plugin updates (plugins should be less than 24 hours old)
• Network connectivity to all target hosts on all ports (no firewall restrictions between scanner and targets)
• Administrative credentials for authenticated scanning (domain admin or local admin for Windows, root/sudo for Linux, SNMP community strings for network devices)
• Target IP ranges and hostnames documented in the scope agreement
• Change management approval for scanning during authorized windows