Security Basics mailing list archives

Re: Security scanning tools

From: Devilscrow Sr <devilscrow () gawab com>
Date: Tue, 16 Dec 2003 02:05:27 +0530

Hi Jack,

My answers inline...

Jack Solomon wrote:

My questions to the group are:
1. What tool[s] should I look to buy that that correctly reportssecurity vulnerabilties with the least false positives?

Firstly, mbsa for me is more of a information gathering tool that alsodoes some basic security checks. Secondly, some amount of post scananalysis / verification is always very important and required to getbetter results out of your vulnerability scans. This will help youreduce the number of false positives.

2. Are false positives a known [feature] of all scanning tools?


Oh, yes !
That goes without saying.....

-dev

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Security scanning tools Jack Solomon (Dec 15)
- Re: Security scanning tools Carlton Foster (Dec 15)
- Re: Security scanning tools Devilscrow Sr (Dec 15)
- Re: Security scanning tools Chris Burton (Dec 15)
- SV: Security scanning tools Kim Guldberg (Dec 16)
- <Possible follow-ups>
- Re: Security scanning tools H Carvey (Dec 15)
- RE: Security scanning tools KoRe MeLtDoWn (Dec 15)