Penetration Testing
How do VA scans work technically Jul 08 2008 08:02PM
Aseem Kumar (kumaraseem gmail com) (2 replies)
Re: How do VA scans work technically Jul 09 2008 05:37AM
Killy (killfactory gmail com) (1 replies)
Re: How do VA scans work technically Jul 09 2008 08:52AM
Aseem Kumar (kumaraseem gmail com) (4 replies)
Hi,

Thanks for all the great replies.

The showing of already remediated vulnerabilities was what I was concerned about.
So I always have to take the reports from these scans with a pinch of
salt. They might even miss something.

But what if I am running, say, a web server on a non-standard port and
have really disabled all settings that might allow an outsider to get
a banner or version number of the underlying application? Will the
scanners still be able to do some heuristics and come out with nearly
correct answers?

Can someone point me to any link that will provide more insight into
this process?

Regards
Aseem

On Wed, Jul 9, 2008 at 11:07 AM, Killy <killfactory (at) gmail (dot) com> wrote:
> Nessus can be configured to perform safe scans. It will still check for blank
> root, as and administrator passwords under that config.
>
> So, it depends on your definition of exploit :)
>
> Nessus can also be configured to perform brute force attacks using a hydra
> plugin/module
>
> You also perform thorough tests/scans.
>
> I have a feeling that you are wanting to know if Nessus and Qualys operate like
> Metasploit, Canvas or other exploit frameworks.
>
> I would say no. But Nessus is very flexible and you can customize it and
> create your own plugin to do just about anything.
>
> There is plenty of documentation and help online.
>
> Sent from my iPod
>
> On Jul 8, 2008, at 4:02 PM, "Aseem Kumar" <kumaraseem (at) gmail (dot) com> wrote:
>
>> Hey,
>>
>> Can someone tell me (any weblink , any ebook, or direct answers) as to
>> how the VA scans like those of Qualys or Nessus work?
>>
>> How do they find the vulnerabilities of a system without ever exploiting
>> it?
>>
>> Regards
>> Aseem
>>
>

--
Love enables you to put your deepest feelings and fears in the palm of
your partner's hand, knowing they will be handled with care.

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Re: How do VA scans work technically Jul 19 2008 11:33AM
Zed Qyves (zqyves spamtrap gmail com)
RE: How do VA scans work technically Jul 10 2008 11:19AM
Rivest, Philippe (PRivest transforce ca)
AW: How do VA scans work technically Jul 10 2008 08:09AM
puppe hisolutions com
Re: How do VA scans work technically Jul 09 2008 06:21PM
Todd Haverkos (infosec haverkos com)
RE: How do VA scans work technically Jul 09 2008 05:29AM
Tariq Naik (Tariq_Naik symantec com) (1 replies)
Re: How do VA scans work technically Jul 09 2008 02:58PM
Jason (securitux gmail com) (1 replies)
RE: How do VA scans work technically Jul 16 2008 04:35PM
Tariq Naik (Tariq_Naik symantec com)







 

Copyright 2008, SecurityFocus