Security Scanning Software - Free - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Security Scanning Software - Free

  1. #11
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    perfect answer.
    Yeah i prefer to code these things for myself as i said above i am currently developing a security scanner(a all in one kinda)it is not difficult at all it gives you a through knowledge of holw these things work.



    Okay, it may just be me. But I'm seeing this from a greyhat
    Yeah kinda i am trying to grow up lets see......
    nobody is perfect i am nobody

  2. #12
    When you release the alpha version of your scanner let me know, more than happy to test it out with you

  3. #13
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    Originally posted here by poohsuntzu
    When you release the alpha version of your scanner let me know, more than happy to test it out with you
    45 days from now my exams are on now i will start my work after that.and i will post that code on AO that is a promise
    nobody is perfect i am nobody

  4. #14
    Senior Member
    Join Date
    Jan 2002
    Posts
    187
    should be obvious, anytime you're looking for tools or just looking for something to do, go here:
    http://www.insecure.org/tools.html
    U suk at teh intuhnet1!!1!1one

  5. #15
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Nessus actually produces less False positives then retina so it may actually work out to be even more use (getting back to the original post). Tenable NewT is the version that has been ported to Windows and once your trial has expired its very expensive. You could always run the Nessus server on Linux and then one of the many Windows frontends if you wish to primarily use windows.

    Whichever way you do it, the best way I find when performing either a vulnerability scan, or a noisy pen test (i.e. the client doesn`t want you to be sneaky about it) is to use one of the automated scanning tools and then manually check any exploits you have that are not covered by the scanner. All the scanning tools miss things (vulnerability scanners I mean) so you should plan on doing some manual checks atferwards, but typically you are not going to have 3 weeks to manually check for 1800 vulnerabilities +, and if you do then please send me the details on where you work...

    You may also want to look at some of the scanning appliances out there, a couple are based on Nessus, although right now all the names escape me...its been a long day...whilst the initial layout is a wee bit in the long run they tend to work out well, depending on how large you network is.

    One other thing to keep in mind is that for many organizations these scans/tests are now required, the SEC is very fond of them as is the FDIC (which actually requires them now)for financial institions.

    Also, all the scanning and testing in the world is not worth anything if you don`t have some kind of remediation process in place which tracks the vulnerabilities you find and how you fix them. Typically the scan is then, the findings are then assessed and ones that need to be dealt with identified (there may be different levels applied) and action plans developed. You should plan to keep these tracking sheets and not just delete the holes as they are fixed (this shows the auditors that you are actually doing what you say you are doing), and write up a policy document on what you are doing and how you are doing.
    Quis custodiet ipsos custodes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •