.

Vulnerability Assesment

<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Mar 23, 2012 11:49 pm

Vulnerability Assesment

This question is for you guys that do vulnerability assessment.

What vulnerability tool do you normally use? OpenVass, Saint, Nessus or Rapid7? Do you scan only servers/switches/firewall/routers, etc or the whole networking including workstations?

I am talking a general vulnerability assessment, not compliant.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sat Mar 24, 2012 11:16 am

Re: Vulnerability Assesment

I use a mix  ;D (Of Nessus and Metasploit) Sometimes I scan everything (small subnets), sometimes I break things up and scan smaller segments at a time in +100 device networks. (I've often been under an extremely tight time-limit, meaning 1-3 hours max.)
I'm an InterN0T'er
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Sat Mar 24, 2012 12:30 pm

Re: Vulnerability Assesment

Last night and today I use OpenVas in a real environment, my supervisor begin to ask the vulnerability assessment for one of our client.

I am glad he asked something like that so I can experiment more, I am taking PWB training but I was worry come on: I will need to get more real experience!!!!. I know vulnerability assessment is not a pentest but I will get it someday very soon.

Tonight I will try Nessus and see what fit better for the company.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Sat Mar 24, 2012 2:17 pm

Re: Vulnerability Assesment

A mix... Nessus, Qualys, Nexpose. Scans are conducted on whatever is in scope.
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Sun Mar 25, 2012 9:37 pm

Re: Vulnerability Assesment

Nexpose. It's not perfect, but none of them are. There are many times that the scanner reports nothing "critical" but full compromise happens shortly there after. I hate VA's... I wish compliance programs realized that.
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Mar 26, 2012 8:42 am

Re: Vulnerability Assesment

I suggest you read a paper I wrote which expounds on these topics

http://infosecisland.com/documentview/1 ... ng-It.html

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software