WebApp Sec mailing list archives
RE: Vulnerability solution
From: "Ofer Shezaf" <ofer () shezaf com>
Date: Sun, 18 Nov 2012 11:41:02 +0200
I'd like to take the opportunity to reply to Guillermo's message, as it is one of the few in the thread that makes any sense (actually it makes a lot of sense). Offering Nessus as an answer to Mohamed's original question is just not taking either security or Mohamed's question seriously.

The large number of such answers brings one to contemplate the state of security in general, which I did in a frustrated blog post: http://xiom.com/2012/11/18/do_we_know_security.

~ Ofer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Guillermo Caminer
Sent: Saturday, November 17, 2012 1:09 AM
To: mdaa.uae () gmail com
Cc: webappsec () securityfocus com; pen-test () securityfocus com
Subject: Re: Vulnerability solution

Dear Mohamed,

as somebody already said, there is not a single scanner which can cover -all- these components (silver bullet); you will have better luck using different scanners for different components. Like everybody said, Nessus is the most general/overall solution.

That being said, if you're serious about your systems security (as I think you are, because you're looking for a complete scanner solution) I strongly recommend using a professional pentester, reviewing, among other things, the source code of your applications, and educating your programmers and network administrators. These are the -only- things that will effectively reduce your risk and can give you a -real- measure of your systems security. Scanners only should NOT be used to do a -real- evaluation as this is misleading.

It's a cliche, but: Security is not a product, it's a process.

Sorry for answering something you didn't ask ;)

Best regards.

On 11/14/2012 03:53 AM, mdaa.uae () gmail com wrote:

Dear All

Is there anyone who can refer me to a vulnerability solution tool that can scan the system which consists of applications, database and web? The solution should provide detailed information regarding all the layers in the enterprise systems.

Thank you
Mohamed

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------