Hi,
Qualys and Nessus do exploit the vulnerabilities. A very few of them
only find the version of the OS and services along with the patch levels
and then list the vulnerabilities from a pre built database without
actually exploiting them. They will list a vulnerability even if the
vulnerability has been actually remediated using some remediation.
Regards,
Tariq
-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of Aseem Kumar
Sent: Wednesday, July 09, 2008 1:33 AM
To: pen-test_at_securityfocus.com
Subject: How do VA scans work technically
Hey,
Can someone tell me (any weblink , any ebook, or direct answers) as to
how the VA scans like those of Qualys or Nessus work?
How do they find the vulnerabilities of a system without ever exploiting
it?
Regards
Aseem
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on Jul 08 2008
Intro
