Penetration Testing: Re: Security Audit

Re: Security Audit

From: Dave Wray <davew_at_sec-tec.com>
Date: Wed, 5 Sep 2001 22:27:21 +0100

forrest_at_code-lab.com wrote:

> This brings me to question why are they doing assessments by hand when
> there are great tools like Nessus?

Sorry,

This may be off subject slightly, but I had to comment.

Nessus is a great tool, I use it frequently and personally prefer it to many
commercial tools which I also use, but there are *MANY* reasons for doing
parts of a test manually.

Only two weeks ago, one of our clients was tested according to our internal
procedure. Several automated tools came back all clear. Within 15 minutes of
manual testing we found the web server to be vulnerable to both the UTF-8
and double decode vulnerabilities. The reason for this was simply that the
tools (which I will not name) presumed that Windows NT is always installed
in a directory called winnt, when in this case it was installed in a
directory called winnt40. This was enough to throw the automated tools way
off of the scent.

Also, what about custom CGIs, ASPs etc, they may be vulnerable to /../
attacks, SQL injection etc etc, but there isn't (to my knowledge) any 100%
sure fire reliable way to test for these automatically in this scenario. To
do the test properly you need to apply the methodology to the custom
environment.

I think a more suitable question is why would you pay a 'Consultant' good
money to hit a big green go button and print the results?

Regards to all

Dave Wray
Sec-Tec Ltd
www.sec-tec.co.uk

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Sep 06 2001
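
The failure mode described in the message above, seen from the log-review side, as an added example that is not part of the original post: a check keyed to a fixed directory name stays silent, while canonicalising the request path first flags the same requests wherever the OS is installed. The function names, the findings labels and the sample paths are constructed for illustration, and `naive_signature` is a hypothetical model of the tools' assumption, not their actual logic.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong two-byte UTF-8 (lead byte 0xC0 or 0xC1) is never valid; it
# re-encodes ASCII such as '/' or '\' so that string filters miss it.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")
MAX_ROUNDS = 3  # assumption: how many nested percent-encodings to unwrap


def naive_signature(raw_path):
    """Hypothetical check that assumes the system directory is 'winnt'."""
    return "/winnt/system32/" in raw_path.lower()


def _fold(match):
    # Map an overlong pair back to the single ASCII byte it stands for.
    lead, cont = match.group(0)
    return bytes([((lead & 0x1F) << 6) | (cont & 0x3F)])


def analyze(raw_path):
    """Findings for one logged request path; no directory name is consulted."""
    findings = set()
    data = raw_path.encode("latin-1", "replace")
    for rounds in range(1, MAX_ROUNDS + 1):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        if rounds > 1:
            findings.add("multi-decode")  # path only settles after a 2nd decode
        data = decoded
    if OVERLONG.search(data):
        findings.add("overlong-utf8")
        data = OVERLONG.sub(_fold, data)
    if b".." in data.replace(b"\\", b"/").split(b"/"):
        findings.add("traversal")
    return findings


# Constructed sample request paths (not from the post).
SAMPLES = [
    "/scripts/..%c0%af../winnt40/system32/PLACEHOLDER.exe",
    "/scripts/..%255c../winnt40/system32/PLACEHOLDER.exe",
    "/images/logo%20small.gif",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(naive_signature(path), sorted(analyze(path)), path)
```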
