Security Basics mailing list archives
RE: Host Based Vulnerability Scanner
From: Sheldon Malm <Sheldon_Malm () rapid7 com>
Date: Tue, 20 Dec 2011 13:36:34 +0000
If others have low cost solutions that give small businesses a chance with these, please share!
Full disclosure: I work for Rapid7.

Nexpose Community Edition is an option here ... it's a free vulnerability management solution that can be used by small businesses.
http://www.rapid7.com/products/nexpose-community-edition.jsp

For web applications, w3af may be helpful. (Sponsored, but not owned by Rapid7)
http://w3af.sourceforge.net/

I hope this helps.

Sheldon Malm

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Todd Haverkos
Sent: Monday, December 19, 2011 6:43 PM
To: noloader () gmail com
Cc: Thugzclub Thugzclub; security-basics () securityfocus com
Subject: Re: Host Based Vulnerability Scanner

Jeffrey Walton <noloader () gmail com> writes:

> On Mon, Dec 19, 2011 at 4:40 PM, Thugzclub Thugzclub <thugzclub () googlemail com> wrote:
>> Hi guys, I am looking for a host based vulnerability scanning application. I Nessus and other tools scan can network facing application and tell you whether they are vulnerable or not but I am looking for a host based solution similar to Secunia PSI
>
> On Windows, consider Microsoft Baseline Security Analyzer (MBSA), http://technet.microsoft.com/en-us/security/cc184924. MBSA will also work over the network if the correct credentials are supplied, the host firewall is open, and remote registry access is granted (IIRC).

MBSA is useful and free for Office and OS vulns, but it's probably worth mentioning that third party web plugins (Java, Flash, Reader, Quicktime etc, where most of the problems lie lately) are not covered by MBSA.

Too many client sites I see aren't patching third party plugins... mostly for want of resources to do it, a lack of awareness of the seriousness of the problem, and the fact that patching those at scale ... is FAR from simple. Microsoft WSUS+SCCM + a Shavlik SCUPdates license is about as cheaply as you can get away with it unless you have someone handy who has sufficient skill to create, test, debug, and chase down failures in SMS packages.

If others have low cost solutions that give small businesses a chance with these, please share!

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/