Penetration Testing mailing list archives
Re: Vulnerability Scanning
From: simonis () att net
Date: Sun, 29 Feb 2004 01:32:21 +0000
lo all, After reviewing some scan results and finding a number of false positives from nessus (primarily in XP hosts), I began to become a bit more concerned than I already was. This is in no way reflecting upon nessus's ability to find vulnerabilities and I truly believe all scanners have these issues. The question is, what does everyone else do about this?
There are a variety of things to be done. First, and foremost, is to reduce the number of checks to those that are both relevant and important. I seldom use more than a few hundred of Nessus' thousands of checks. Also, experience will teach you that some checks result in false positives in certain situations more often than in other situations. Account for this in your preparation. If you've determined that the plugin is just too important and the situation merits its inclusion, you may need to validate the results manually, either by additional tests or through inspection.

As to what others do, many folks don't use scanners. Study of the target environment and the selection of a few likely exploitable vulnerabilities are usually all one needs to gain some level of success. Scanning is (usually, and IMO) best for "vulnerability assessment" and not strictly "penetration testing", where those two are defined as different in my lexicon.

-Ds