Penetration Testing mailing list archives

Re: Nessus, Harmful?
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 28 Jan 2010 19:44:33 -0500

It's a vulnerability scanner and, like all vulnerability scanners, does a half-baked job.  You'll get a report that is 
chock-full of false positives (and false negatives).

Read as, if you base your services on Nessus, and you sell that to a customer, then you're not doing them justice.


On Jan 28, 2010, at 4:04 PM, Genaro Liriano wrote:

Does Nessus actually perform pen-tests or is it just a vulnerability
assessment tool?



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of John Jasen
Sent: Thursday, January 28, 2010 2:28 PM
To: Zaki Akhmad
Cc: pen-test () securityfocus com
Subject: Re: Nessus, Harmful?

Zaki Akhmad wrote:
Hello,

I want to do a Nessus scan, but first I'd like to know: is 
Nessus scanning harmful? I don't want to bring the server down.

While a full nessus scan may crash services or your system, you may want
to consider that if you can do it legitimately, there's a chance the bad
guys can do it as well.

Of course, make sure you have all the appropriate permissions before
scanning.

--
-- John E. Jasen (jjasen () realityfailure org)
-- "Deserve Victory." -- Terry Goodkind, Naked Empire

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------






        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com

