lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: boklm at mars-attacks.org (nicolas vigier) Subject: Top 15 Reasons Why Admins Use Security Scanners On Wed, 28 Apr 2004, Joel R. Helgeson wrote: > > Top 15 Reasons Why Admins Use Security Scanners > > This list has been compiled by emailing various Security/Admin lists... > Anyone care to offer their input - add to the list? > > -Am I sure that I have found all vulnerabilities in my network? Unfortunately you cannot really be sure that you have no known vulnerabilites in your network with most scanners. Sometime if you use a scanner like nessus and have a network of debian stable machines (or any other OS which doesn't upgrade the version of a program when a vuln is found but instead backport the fix in order to avoid problems with upgrade which change too much things) you get too much false positive because nessus only try to find the version and don't really test the vulnerability. I think the right way to do it is to use a scanner which will use an exploit to test the vulnerability. Unfortunately an exploit is not always avaible for every vulnerability. What scanner are you using ?
Powered by blists - more mailing lists