Penetration Testing
mailing list archives
Re: nessus exceptions
From: "Andres Riancho" <andresit () fibertel com ar>
Date: Tue, 3 Aug 2004 23:24:47 -0300
Chris,
It depends on the type of scan your company pays for, but if you want and
are careful with what you do, you could put one or two unchecked inputs
on your webpage in order to get some kind of XSS/SQL injection. These kinds of
tests aren't checked (by default, with default plugins) by Nessus.
If you are looking for something more like a buffer overflow, I suggest
you don't put any service online with this kind of flaw, because your
testing company could not find them with Nessus or the scanner they use, but
a skilled cracker/hacker/whatever could. Maybe you could put some daemon
from the honeypot project [www.honeypots.net] to listen on some host that
is scanned but ain't really important. But once again... production servers
are not a good place to test this.
Andres Riancho
----- Original Message -----
From: "Chris Griffin" <cgriffin () dcmindiana com>
To: <pen-test () securityfocus com>
Sent: Monday, August 02, 2004 3:58 PM
Subject: nessus exceptions
Hi list,
I'm trying to find some good holes, that aren't major security issues,
that I can create on a machine to see if our testing company really
uses anything other than Nessus.