HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 58 guests and 3 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Vulnerability Assesment
EH-Net
May 23, 2013, 10:54:51 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Vulnerability Assesment  (Read 2674 times)
0 Members and 1 Guest are viewing this topic.
impelse
Hero Member
*****
Offline Offline

Posts: 565


View Profile WWW
« on: March 23, 2012, 11:49:33 PM »
This question is for you guys that do vulnerability assessment.

What vulnerability tool do you normally use? OpenVass, Saint, Nessus or Rapid7? Do you scan only servers/switches/firewall/routers, etc or the whole networking including workstations?

I am talking a general vulnerability assessment, not compliant.
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #1 on: March 24, 2012, 11:16:02 AM »
I use a mix  Grin (Of Nessus and Metasploit) Sometimes I scan everything (small subnets), sometimes I break things up and scan smaller segments at a time in +100 device networks. (I've often been under an extremely tight time-limit, meaning 1-3 hours max.)
Logged
I'm an InterN0T'er
impelse
Hero Member
*****
Offline Offline

Posts: 565


View Profile WWW
« Reply #2 on: March 24, 2012, 12:30:08 PM »
Last night and today I use OpenVas in a real environment, my supervisor begin to ask the vulnerability assessment for one of our client.

I am glad he asked something like that so I can experiment more, I am taking PWB training but I was worry come on: I will need to get more real experience!!!!. I know vulnerability assessment is not a pentest but I will get it someday very soon.

Tonight I will try Nessus and see what fit better for the company.
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #3 on: March 24, 2012, 02:17:50 PM »
A mix... Nessus, Qualys, Nexpose. Scans are conducted on whatever is in scope.
Logged
cd1zz
Hero Member
*****
Offline Offline

Posts: 561


View Profile WWW
« Reply #4 on: March 25, 2012, 09:37:33 PM »
Nexpose. It's not perfect, but none of them are. There are many times that the scanner reports nothing "critical" but full compromise happens shortly there after. I hate VA's... I wish compliance programs realized that.
Logged
OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com
sil
Hero Member
*****
Offline Offline

Posts: 549



View Profile WWW
« Reply #5 on: March 26, 2012, 08:42:10 AM »
I suggest you read a paper I wrote which expounds on these topics

http://infosecisland.com/documentview/12932-Defending-the-Castle-by-Actively-Abusing-It.html
Logged
http://www.infiltrated.net/mgz/puppylecter.jpg
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.095 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.