EH-Net
May 20, 2013, 02:46:20 PM *
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: WebApp Vulnerability Scanner Comparison on: January 04, 2011, 05:04:08 AM
Here's the study "An analysis of Black-box web security scanners" (pdf)

It presents an evaluation of eleven black-box web vulnerability scanners.




2  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web App pentesting: Code review on: January 04, 2011, 04:56:34 AM
Very good topic.

Here's a little bibliography:

- OWASP Code Review Guide (free)
- Code Complete (Microsoft Press)
- Hunting Security Bugs (Microsoft Press)
- Writing Secure Code (Microsoft Press)

3  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: Computer Security Test Gone Wrong - Please Help on: January 04, 2011, 04:16:28 AM
One more question: I have done security assessments, and basically all I do is vulnerability scanning. Is that the general industry practice, or should I be doing more steps? Anything I can refer to and learn?

Hello,

Vulnerability scanning is only one "technical" part of the risk assessment process. The "business" part is equally important.

One method (not the best) to approach risk assessment is:

RISK = THREAT + WAY OF ATTACK + VULNERABILITY + ASSET + IMPACT

These 5 components have to be estimated in the organization's specific context with the approval of the business.

Once this estimate is done, business, and only business, has to evaluate the risk and then decide to keep, avoid, reduce or transfer the risk.

You're only here to estimate the risk. Executives and business people are here to evaluate it and decide the way to treat it.

At this point, it is possible to determine necessary and sufficient security objectives and requirements.

This approach is called "EBIOS" and is promoted by the DCSSI and recognized by the French administrations and, according to me, has some good pedagogic virtues.

(more info)

Hope this helps ;)

(sorry for my bad English, you guessed it... I'm French)
4  Ethical Hacking Discussions and Related Certifications / Forensics / Kon-boot : finding evidence on a domain workstation... on: May 31, 2010, 03:00:07 PM
Hello,

I need some help to find evidence of Kon-boot CD usage on an XP workstation in an Active Directory domain.

The usage of the CD is simple: it boots and starts the OS on the hard drive, shows all Windows user profiles (domain and local) and displays a menu. You can choose the user you want to open a session as, without destroying the password, using the "cached credentials" feature. So you have access to the filesystem. If you try to access a share, then a small window bubble appears in the task bar: "Windows needs your current credentials. Please lock this computer, then unlock it using your most recent password or smart card. Please click the icon to see more information."

I'm looking for events on the workstation or the DC in order to find evidence.

Thanks for your help.