1. Go Bravely Into the World of Mythological Creatures.
By Dusko Pijetlovic
We need to have an automated method for performing network vulnerability assessment because the growth in complexity of operating systems, applications, network protocols, and mobile devices has made it impossible to perform it manually.
2. Create a Basic Web Application Scan Policy.
By Johan Loos
In this document, you will learn how to create a generic policy that can be used for scanning unknown web applications. We will start from an existing policy and use the policy “Web App Tests” as the base for your policy.
3. Five Steps to Nessus 5.
By Walter Cuestas
Nessus is one of the best vulnerability assessment tools, if not the best one. It went from a free software version (free as freedom) through “free” software (as free beer), ending up as a 100% commercial version (Professional Feed). Tenable, the maker of Nessus (and other great tools), provides a version they call “HomeFeed” that, as the name suggests, you can use at home (and how many people have a computer network at home today? Everyone reading this, I bet!). There is also an education agreement to let academic institutions have licenses for students learning how to use Nessus.
4. Create a Basic Scan Policy in Nessus 5.
By Johan Loos
Before you can launch a scan, you first need to create a scan policy. This policy contains settings Nessus will use when scanning your hosts. A scan policy contains more information about how to scan a host, which hosts to scan, and a list of plugin IDs used to scan the target.
5. Vulnerability Assessments On SCADA Systems With Nessus 5.0
By Indranil Banerjee
In the growing field of information security, the need for automated vulnerability scanners is evident to vulnerability researchers, and one of the best scanners on the market is Tenable Network Security’s Nessus. The most recent version of this (primarily open source) web based automated Vulnerability Scanner cum Assessment tool is Nessus 5.0.
6. Q. Can Nessus be used for web application scans?
By Paul Davis
Don’t believe someone who tells you that Nessus is a decent network-based scanner, but doesn’t do much else. If you want to be a “check-box” user who implements nothing but the default Nessus settings, you can certainly do that, but you are really missing a lot! Having worked with Nessus for a number of years now, I have learned that it does network-based scans, and a whole lot more.
7. Analyzing Vulnerable Systems Using Nessus 5.
By Steve Myers
A good network or systems administrator should be constantly assessing their environment for vulnerabilities that have potential for exploitation. A security agent, such as a penetration tester or attacker, may be looking for these same vulnerabilities in order to breach the network to access sensitive information. Nessus is one of the most popular vulnerability scanners available and contains a comprehensive set of tools for gathering, analyzing, and reporting on systems and devices within a network.
8. Nessus 5.0 Configuration Guide.
By Vikas Kumar
Nessus® is the world’s most widely-deployed vulnerability and configuration assessment product with more than five million downloads to date. Nessus 5 features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture with features that enhance usability, effectiveness, efficiency, and communication with all parts of your organization.
9. Obfuscate SQL Fuzzing for fun and profit.
By Gerasimos Kassaras
Nowadays, cyber criminals are increasingly using automated SQL injection attacks powered by botnets to hit vulnerable systems. SQL injection attacks are the prevalent way of attacking front-end Web applications and back-end databases to compromise data confidentiality. Recently published reports by the Web Hacking Incidents Database (WHID) show SQL injections as the top attack vector, making up 19 percent of all security breaches examined by WHID. The Open Web Application Security Project (OWASP) Top 10 risk categorization chart rates SQL injection risk as the number one threat, along with operating system command injection and LDAP injection attacks.
10. Java – The New King of Web Exploits.
By Abhinav Singh
Java is one of the most widely used platforms for code deployment. According to Oracle, there are over 5.5 billion Java-enabled devices around the globe. The immense popularity of the Java platform makes it a language of choice for exploit writers and malware makers alike. Ironically, the success of Java and its wide deployment across so many different platforms offer malicious developers a wealth of targets. Below we explore some of the more interesting and recent Java exploits. First, however, it’s important to review and understand the Java virtual machine (JVM), which is the heart of the entire platform.