Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How do VA scans work technically

From: "Tariq Naik" <Tariq_Naik () symantec com>
Date: Wed, 9 Jul 2008 10:59:33 +0530
 
Hi,

Qualys and Nessus do exploit the vulnerabilities. A very few of them
only find the version of the OS and services along with the patch levels
and then list the vulnerabilities from a pre built database without
actually exploiting them. They will list a vulnerability even if the
vulnerability has been actually remediated using some remediation.

Regards,
Tariq


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Aseem Kumar
Sent: Wednesday, July 09, 2008 1:33 AM
To: pen-test () securityfocus com
Subject: How do VA scans work technically

Hey,

Can someone tell me (any weblink , any ebook, or direct answers) as to
how the VA scans like those of Qualys or Nessus work?

How do they find the vulnerabilities of a system without ever exploiting
it?

Regards
Aseem

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: