Security Basics mailing list archives

RE: vuln testing

From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 29 Jul 2005 07:37:32 +1000

Audit them

Vulnerability tests are at best a verification of an audit. At best (CI
of 99%) a vulnerability scanner will find between 11% and 33% of the
actual security issues on your system. 

A good audit will find between 89% - 98% of vulnerabilities.

By audit I do not mean the typical service which seems to pass as an
audit, but a REAL audit. 

Craig
 

-----Original Message-----
From: Adam Kane [mailto:kane () linkitsoftware com] 
Sent: 26 July 2005 6:34
To: security-basics () securityfocus com
Subject: vuln testing

Hi all,

I'm wondering what free and easy to use tools are available to run
vulnerability testing on my web servers.  I want to know if a web server
has security holes and/or flaws, etc.  Any suggestions are appreciated.

Thanks!

Current thread:

vuln testing Adam Kane (Jul 26)
- RE: vuln testing L1nux (Jul 29)
- <Possible follow-ups>
- Re: vuln testing vachanta (Jul 29)
- RE: vuln testing Kumra, Vipul (Jul 29)
- RE: vuln testing Craig Wright (Jul 29)
- RE: vuln testing DeGrippo, Sherrod (IARC) (Jul 29)
- Re: vuln testing pranxter (Jul 29)
- RE: vuln testing Stephane Auger (Jul 29)