|
|
Web Application Security
Vulnerability solution Nov 14 2012 06:53AM mdaa uae gmail com (8 replies) Re: Vulnerability solution Nov 16 2012 11:08PM Guillermo Caminer (flaco webappsec gmail com) (1 replies) RE: Vulnerability solution Nov 16 2012 06:28AM Todor Tuparov (todort delasport com) (2 replies) |
|
Privacy Statement |
one of the few in the threat that makes any sense (actually it makes a lot
of sense). Offering Nessus as an answer to Mohamed's original question, is
just not taking either security or Mohamed's question seriously. The large
number of such answers, brings one to contemplate the state of security in
general which I did in a frustrate4d blog post:
http://xiom.com/2012/11/18/do_we_know_security.
~ Ofer
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Guillermo Caminer
Sent: Saturday, November 17, 2012 1:09 AM
To: mdaa.uae (at) gmail (dot) com [email concealed]
Cc: webappsec (at) securityfocus (dot) com [email concealed]; pen-test (at) securityfocus (dot) com [email concealed]
Subject: Re: Vulnerability solution
Dear Mohamed,
as somebody already said, there is not a single scanner wich can cover -all-
these components (silver bullet), you will have better luck using different
scanners for different components.
Like everybody said, Nessus is the most general/overall solution.
That been said, if you're serious about your systems security (as I think
you are, because you're looking for a complete scanner solution) I strongly
recommend using a professional pentester, review, among other things, the
source code of your applications and educate your programmers and network
administrators. These are the -only- things that will effectively reduce
your risk and can give you a -real- measure of your systems security.
Scanners only should NOT be used to do a -real- evaluation as this is
misleading.
It's a cliche, but: Security is not a product, is a process.
Sorry for answering something you didn't ask ;)
Best regards.
On 11/14/2012 03:53 AM, mdaa.uae (at) gmail (dot) com [email concealed] wrote:
> Dear All
>
> Is there anyone can refer me to vulnerability solution tool that can scan
the system which consists of applications,database and web.the solution
should provide detailed information regarding all the layers in the
enterprise systems.
>
> Thank you
>
> Mohamed
>
>
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
>
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
[ reply ]