Penetration Testing mailing list archives
Re: Nessus, Harmful?
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 28 Jan 2010 19:44:33 -0500
Its a vulnerability scanner and like all vulnerability scanners, does a half-baked job. You'll get a report that is chalk full of false positives (and false negatives). Read as, if you base your services on nessus, and you sell that to a customer, then you're not doing them justice. On Jan 28, 2010, at 4:04 PM, Genaro Liriano wrote:
Does Nessus actually performs pen-tests or is it just a Vulnerability assessment tool? -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of John Jasen Sent: Thursday, January 28, 2010 2:28 PM To: Zaki Akhmad Cc: pen-test () securityfocus com Subject: Re: Nessus, Harmful? Zaki Akhmad wrote:Hello, I want to do a nessus scanning, but before I'd like to know is it nessus scanning harmful? Because I don't want to make the server down.While a full nessus scan may crash services or your system, you may want to consider that if you can do it legitimately, there's a chance the bad guys can do it as well. Of course, make sure you have all the appropriate permissions before scanning. -- -- John E. Jasen (jjasen () realityfailure org) -- "Deserve Victory." -- Terry Goodkind, Naked Empire ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Adriel T. Desautels ad_lists () netragard com -------------------------------------- Subscribe to our blog http://snosoft.blogspot.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Nessus, Harmful? Zaki Akhmad (Jan 11)
- RE: Nessus, Harmful? Swaminathan, Balaji (Jan 11)
- Re: Nessus, Harmful? Mohamed Aymen SAHLI (Jan 11)
- Re: Nessus, Harmful? Adel Abushaev (Jan 11)
- Re: Nessus, Harmful? Joseph J. Snyder III (Jan 11)
- Re: Nessus, Harmful? John Jasen (Jan 28)
- RE: Nessus, Harmful? Genaro Liriano (Jan 28)
- Re: Nessus, Harmful? Jeremy Brown (Jan 28)
- Re: Nessus, Harmful? Adriel T. Desautels (Jan 28)
- RE: Nessus, Harmful? Genaro Liriano (Jan 28)
- Re: Nessus, Harmful? Shohn Trojacek (Jan 28)
- Re: Nessus, Harmful? Himanshu Goyal (Jan 28)
- Re: Nessus, Harmful? bugs (Jan 29)
- Re: Nessus, Harmful? rajat swarup (Jan 29)
- Re: Nessus, Harmful? Himanshu Goyal (Jan 28)
- <Possible follow-ups>
- Re: Nessus, Harmful? lukasz (Jan 11)
- Re: Nessus, Harmful? Edin Dizdarevic (Jan 11)
- Re: Nessus, Harmful? Adrian Puente Z. (Jan 11)