From: jeremiah at (Jeremiah Cornelius)
Subject: Top 15 Reasons Why Admins Use Security Scanners

On Wednesday 28 April 2004 15:35, nicolas vigier wrote:
> you get too many false positives because nessus only
> tries to find the version and doesn't really test the vulnerability.
> I think the right way to do it is to use a scanner which will use
> an exploit to test the vulnerability. Unfortunately an exploit is
> not always available for every vulnerability.

This depends on the individual NASL script.  Safe-checks only read banners, 
port combinations, etc.

There is nothing preventing a NASL check from mimicking exploit behavior.  For 
instance, some of the DoS checks are canned 'sploits.  There are unsafe SMTP 
checks that will send mail to a file in the /etc or /var/log hierarchies.  
This does not rely on banners, but behaviors.  You could adjust the NASL to 
do real harm to a vulnerable system.

True, Nessus doesn't run codes for a remote shell against indications of a 
buffer overflow.  That's when judicious manual checking is called for - where 
the tool leaves off.

Admins are in a privileged position to do these checks - as opposed to the 
pen-test auditor whose hand checks require adoption of invasive behavior.
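
An added example, not part of the original post and not Nessus or NASL code: a Python sketch of what a banner-only "safe check" can and cannot conclude, and how its output feeds the manual checking described above. The product name `exampled`, its fixed release, the hosts and the banners are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Hypothetical advisory data (constructed): "exampled" is fixed upstream in 2.4.1.
FIXED_IN = {"exampled": (2, 4, 1)}
BANNER_RE = re.compile(r"^(?P<name>[A-Za-z_]+)[/ ](?P<ver>\d+(?:\.\d+)*)(?P<suffix>\S*)")

@dataclass
class Finding:
    host: str
    status: str   # "banner-ok" or "needs-manual-check"
    reason: str

def parse_banner(banner):
    """Return (product, version tuple, vendor suffix), or None if unparseable."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    ver = tuple(int(p) for p in m.group("ver").split("."))
    return m.group("name").lower(), ver, m.group("suffix")

def safe_check(host, banner):
    """Banner-only check: it flags candidates, it never confirms a vulnerability."""
    parsed = parse_banner(banner)
    if parsed is None or parsed[0] not in FIXED_IN:
        return Finding(host, "needs-manual-check", "banner hidden or unrecognised")
    product, ver, suffix = parsed
    if ver >= FIXED_IN[product]:
        return Finding(host, "banner-ok", "banner at or above fixed release")
    reason = "old version string"
    if suffix:
        # Vendor builds often backport fixes without bumping the upstream version.
        reason += f"; vendor suffix {suffix!r} may carry a backported fix"
    return Finding(host, "needs-manual-check", reason)

# Constructed sample banners, one per host.
SAMPLE = {
    "10.0.0.5": "exampled/2.4.1",
    "10.0.0.6": "exampled/2.3.9",
    "10.0.0.7": "exampled/2.3.9-12.el3",
    "10.0.0.8": "Service ready",
}

def triage(banners):
    """Map each host to the Finding a banner-only check produces for it."""
    return {host: safe_check(host, b) for host, b in banners.items()}

if __name__ == "__main__":
    for f in triage(SAMPLE).values():
        print(f.host, f.status, f.reason)
```

Hosts 10.0.0.6 and 10.0.0.7 present the same upstream version, so the banner alone cannot tell a vulnerable build from a patched one; both land in the manual-check queue.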
