forrest@code-lab.com wrote:
> This brings me to question why are they doing
> assessments by hand when there are great tools like
> Nessus?

Sorry, this may be off subject slightly, but I had to comment.

Nessus is a great tool, I use it frequently and personally prefer it to many commercial tools which I also use, but there are *MANY* reasons for doing parts of a test manually.

Only two weeks ago, one of our clients was tested according to our internal procedure. Several automated tools came back all clear. Within 15 minutes of manual testing we found the web server to be vulnerable to both the UTF-8 and double decode vulnerabilities. The reason for this was simply that the tools (which I will not name) presumed that Windows NT is always installed in a directory called winnt, when in this case it was installed in a directory called winnt40. This was enough to throw the automated tools way off of the scent.

Also, what about custom CGIs, ASPs etc, they may be vulnerable to /../ attacks, SQL injection etc etc, but there isn't (to my knowledge) any 100% sure-fire reliable way to test for these automatically in this scenario. To do the test properly you need to apply the methodology to the custom environment.

I think a more suitable question is why would you pay a 'Consultant' good money to hit a big green go button and print the results?

Regards to all

Dave Wray
Sec-Tec Ltd
www.sec-tec.co.uk

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
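The hard-coded `winnt` assumption described in the post affects log-detection rules in the same way it affects scanners. The sketch below is an added example, not part of the original post and not code from any tool it mentions: it compares a rule keyed to the directory name with one that decodes the request path (repeated percent-decoding plus overlong UTF-8 folding) and flags the traversal itself. The function names and the sample request paths are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong two-byte UTF-8 forms of ASCII characters (lead byte 0xC0 or 0xC1).
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")

def _fold_overlong(match):
    # Recover the ASCII code point the overlong pair encodes.
    b0, b1 = match.group(0)
    return bytes([((b0 & 0x1F) << 6) | (b1 & 0x3F)])

def normalize(stem, rounds=3):
    """Percent-decode repeatedly and fold overlong UTF-8 down to ASCII."""
    data = stem.encode("latin-1")
    for _ in range(rounds):
        decoded = OVERLONG.sub(_fold_overlong, unquote_to_bytes(data))
        if decoded == data:          # stable: nothing left to decode
            break
        data = decoded
    return data.decode("latin-1").replace("\\", "/").lower()

def brittle_rule(uri):
    """Hypothetical rule that assumes the system directory is named 'winnt'."""
    return "/winnt/system32/" in normalize(uri.split("?", 1)[0])

def escapes_root(uri):
    """Flag any '..' path segment after decoding, whatever the target path is."""
    return ".." in normalize(uri.split("?", 1)[0]).split("/")

# Constructed request paths for illustration, not taken from real logs.
SAMPLES = [
    "/scripts/..%c0%af../winnt/system32/x.exe",    # overlong '/', default dir
    "/scripts/..%c1%9c../winnt40/system32/x.exe",  # overlong '\', renamed dir
    "/scripts/..%255c../winnt40/system32/x.exe",   # double-encoded '\'
    "/docs/v1.0../readme.txt",                     # benign: '..' inside a name
    "/images/logo.gif",                            # benign
]

def report(samples=SAMPLES):
    return [(u, brittle_rule(u), escapes_root(u)) for u in samples]

if __name__ == "__main__":
    for uri, brittle, robust in report():
        print(f"brittle={brittle!s:5} robust={robust!s:5} {uri}")
```

The directory-keyed rule fires only on the first sample, while the segment check flags all three traversal paths and neither benign one.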
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 10:11:27 PDT