Evaluation of Security Vulnerability Scanners for Small and Medium Enterprises Business Networks Resilience towards Risk Assessment

Risk Assessment has been identified as a critical issue in computer infrastructures, especially in medium to large scale organizations and enterprises. The goal of this research report is to provide a virtual machine based framework for testing the performance of vulnerability scanners applied to such enterprises, focused to small and medium size ones. Moreover, the purpose of this paper is to compare three of the most well-known free vulnerability scanning solutions (Nessus, OpenVAS, Nmap Scripting Engine) in regards to how they can be used to automate the process of Risk Assessment in an organization, based on the herein presented experimental evaluation framework involving virtual machine testing.