Security Basics
Need Some Basic Information Dec 19 2011 12:22PM shivaone gmail com (4 replies)
Re: Need Some Basic Information Dec 20 2011 05:59PM Steve Armstrong (SteveArmstrong LogicallySecure com)
Re: Need Some Basic Information Dec 19 2011 10:42PM Fábio Soto (fabio andradesoto com br) (1 replies)
Re: Need Some Basic Information Dec 19 2011 11:48PM Todd Haverkos (infosec haverkos com) (1 replies)
Re: Need Some Basic Information Dec 20 2011 02:54AM Fábio Soto (fabio andradesoto com br) (1 replies)
Re: Need Some Basic Information Dec 20 2011 04:42PM Thugzclub Thugzclub (thugzclub googlemail com) (2 replies)
To truly find the most vulnerabilities, that takes a gifted penetration testing person.
Regards,
Shane Anglin
On Dec 20, 2011, at 11:42 AM, Thugzclub Thugzclub <thugzclub (at) googlemail (dot) com> wrote:
> I am only interested in host based scanners that can report on
> vulnerable products. I know that
>
> Nessus can solve this problem using credentialed scan, but what issues
> are there with credentialed scans?
>
> On 20 December 2011 02:54, Fábio Soto <fabio (at) andradesoto.com (dot) br> wrote:
>> In my experience that's true... I've already discovered and developed exploits to unknown vulnerabilities during pentesting.
>>
>> As Nessus is a "knowledge base" driven tool, it cannot discover vulnerabilities which aren't in its base.
>>
>> Some blind SQL injections, buffer and heap overflows will not be covered by scanning tools. Social engineering will not be covered as well ;)
>>
>> About the glorified repackaged scans, that is indeed a really sad reality... :(
>>
>> On 19/12/2011, at 21:48, Todd Haverkos <infosec (at) haverkos (dot) com> wrote:
>>
>>> Fábio Soto <fabio (at) andradesoto.com (dot) br> writes:
>>>
>>>> Nessus or any other scanning tool will give too many false
>>>> positives, or fail to detect many vulnerabilities.
>>>
>>> That's not true in my experience if credentialed scanning is used,
>>> unless you're highlighting that scanners do poorly against web app
>>> vulns. Passive vulnerability scanning is not prone to false positives
>>> either, for what it's worth.
>>>
>>>> Probably you'll need some professional pentesting services.
>>>
>>> Which at the low and unethical end are glorified repackaged Nessus or
>>> [insert other vuln scanner] scans (sad to say).
>>>
>>> Best Regards,
>>> --
>>> Todd Haverkos, LPT MsCompE
>>> http://haverkos.com/
>>>
>>> ------------------------------------------------------------------------
>>> Securing Apache Web Server with thawte Digital Certificate
>>> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>>
>>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>>> ------------------------------------------------------------------------
>>>