
Security Basics mailing list archives
Re: Local Software Scanner for vulnerabilities
From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 02 Sep 2011 16:08:37 -0500
Pascal Heraud <pascal.heraud () laroueverte com> writes:
> Thank you all for responses, a very interesting overview of tools. I'd like to have a tool capable of quickly locally detecting any vulnerable package, not much. My need is so simple and solutions so complex or expensive, that I'm planning to make my own tool. The only point is to build a matching database between application names from CVEs and the ones from OS. I'll start with Gentoo / Debian as it's my first need. I'll continue to use security scanners from time to time to have a full security assessment of servers.
>
> Pascal.

Free and/or 1200/year are complex and expensive?? Don't forget to put a value on your time.

Quickly and locally detecting any vulnerable package may sound easy, but there would be entire tools dedicated to this and needing commercial support. The most cost effective agent based commercial vulnerability solution I know of is Secunia CSI, but rather than managing a bunch of agents, you'd be well served by a Nessus or a Nexpose like remote vuln scanner that you can feed credentials to.

If Nexpose Community is free for business use... I can't imagine why you'd want to try to write something that'll need continuous update to detect new versions of every piece of software you care to audit against. The value of the managed plugin feed is much of what these things bring to the table.

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/