Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Penetration Testing
How do VA scans work technically Jul 08 2008 08:02PM
Aseem Kumar (kumaraseem gmail com) (2 replies)
Re: How do VA scans work technically Jul 09 2008 05:37AM
Killy (killfactory gmail com) (1 replies)
Re: How do VA scans work technically Jul 09 2008 08:52AM
Aseem Kumar (kumaraseem gmail com) (4 replies)
Re: How do VA scans work technically Jul 19 2008 11:33AM
Zed Qyves (zqyves spamtrap gmail com)
RE: How do VA scans work technically Jul 10 2008 11:19AM
Rivest, Philippe (PRivest transforce ca)
AW: How do VA scans work technically Jul 10 2008 08:09AM
puppe hisolutions com
Salve,

the data is quite old by now, but you will find some stuff on the topic on my site: http://www.vulnerability-assessment.de/doku.php

--
Mit freundlichen Grüßen

Christoph Puppe
Security Consultant

We secure your business.(TM)
_______________________________________________________

HiSolutions AG Phone: +49 30 533289-0
Bouchéstrasse 12 Fax: +49 30 533289-99
D-12435 Berlin Internet: http://www.hisolutions.com
_______________________________________________________

Mindestinformationen im geschäftlichen E-Mail-Verkehr nach §37a HGB:

Sitz der Gesellschaft / registered office:
Berlin

Handelsregistereintrag / Commercial register:
Amtsgericht Berlin Charlottenburg - HRB 80155

Vorstand / Management Board:
Torsten Heinrich, Timo Kob, Michael Langhoff

Vorsitzender des Aufsichtsrates / Chairman of the supervisory board:
Prof. Dr. Klaus Müller

> -----Ursprüngliche Nachricht-----
> Von: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] Im
> Auftrag von Aseem Kumar
> Gesendet: Mittwoch, 9. Juli 2008 10:52
> An: pen-test (at) securityfocus (dot) com [email concealed]
> Betreff: Re: How do VA scans work technically
>
> Hi,
>
> Thanks for all the gr8 replies.
>
> Showing of already remediated vulnerabilities was what i was concerned.
> So i always have to take the reports from these scans with a pinch of
> salt. They even might miss something.
>
> But what if i am running say a web server on a non-standard port and
> have really disabled all settings that might allow an outsider to get
> a banner or version number of underlying application then will the
> scanners still be able to do some heuristics and come out with nearly
> correct answers.
>
> Can someone point me to any link that will provide more insight into
> this process.
>
> Regards
> Aseem
>
> On Wed, Jul 9, 2008 at 11:07 AM, Killy <killfactory (at) gmail (dot) com [email concealed]> wrote:
> > Nessus can ne configured to perform safe scans. It will still for blank
> > root, as and administrator passwords under that config.
> >
> > So, it depends on your definition of exploit :)
> >
> > Nessus can also be configured to prrerform brute force attacks using a
> hydra
> > plugin/module
> >
> > You also perform thorough tests/scans.
> >
> > I have feeling that you are wanting to if nessus and qualys operate like
> > metasploit, canvas or other exploit frameworks.
> >
> > I would say no. But nessusbis very flexible and you can customize It and
> > create your own plugin to do just about anything.
> >
> > There is plenty of documentation and help online.
> >
> > Sent from my iPod
> >
> > On Jul 8, 2008, at 4:02 PM, "Aseem Kumar" <kumaraseem (at) gmail (dot) com [email concealed]> wrote:
> >
> >> Hey,
> >>
> >> Can someone tell me (any weblink , any ebook, or direct answers) as to
> >> how the VA scans like those of Qualys or Nessus work?
> >>
> >> How do they find the vulnerabilities of a system without ever
> exploiting
> >> it?
> >>
> >> Regards
> >> Aseem
> >>
> >> -----------------------------------------------------------------------
> -
> >> This list is sponsored by: Cenzic
> >>
> >> Top 5 Common Mistakes in
> >> Securing Web Applications
> >> Get 45 Min Video and PPT Slides
> >>
> >> www.cenzic.com/landing/securityfocus/hackinar
> >> -----------------------------------------------------------------------
> -
> >>
> >
>
>
>
> --
> Love enables you to put your deepest feelings and fears in the palm of
> your partner's hand, knowing they will be handled with care.
>
> ------------------------------------------------------------------------

> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

[ reply ]
Re: How do VA scans work technically Jul 09 2008 06:21PM
Todd Haverkos (infosec haverkos com)
RE: How do VA scans work technically Jul 09 2008 05:29AM
Tariq Naik (Tariq_Naik symantec com) (1 replies)
Re: How do VA scans work technically Jul 09 2008 02:58PM
Jason (securitux gmail com) (1 replies)
RE: How do VA scans work technically Jul 16 2008 04:35PM
Tariq Naik (Tariq_Naik symantec com)







 

Privacy Statement
Copyright 2008, SecurityFocus