Re: False-negatives in several Vulnerability Assessment tools

[Muhammad Faisal Rauf Danka <mfrd () attitudex com>]

Very Informative article I must say, 
However, 

<quote>
Numerous Vulnerability Assessment (VA) tools are available for security 
engineers, pen-testers and network administrators. Their results are 
mostly trusted by users since they don't have time nor competences to 
validate that output. 
</quote>

Users should not be the one to validate the output, The result of (VA) 
tools should be thoroughly identified and manually checked by the
 
<quote> 
security 
engineers, pen-testers and network administrators 
</quote>

Another thing, now are we looking towards re-designing of several 
plugins for other languages and accordingly newer plugins to have 
different languages versions and it would effect several signatures in 
various (IDS) too.

Did you contacted most if not all (VA) and (IDS) vendors regarding this,
 and what's their response?


Regards
--------
Muhammad Faisal Rauf Danka


_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Select your own custom email address for FREE! Get you () yourchoice com w/No Ads, 6MB, POP & more! 
http://www.everyone.net/selectmail?campaign=tag

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-pen-test 
----------------------------------------------------------------------------