Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: How do VA scans work technically

Re: How do VA scans work technically

From: HITESH PATEL <hitesh50_at_yahoo.com>
Date: Wed, 9 Jul 2008 18:04:03 -0700 (PDT)

vulnerability scanners are signature-based automated scanners (just like signature based anti-virus softwares) which throws the vulnerability attack against the system based on the type of the target system (or sometimes you can run blind scan also). This is also one of the main reasons that such scanners can have lots of false-positives. These scanners can be very handy to find already known issues as well as low hanging fruits but in my opinion it will never replace human-based penetration testing. These scanners will find issue only if it has vulnerability signature in its DB.

Also the scanners you have mentioned is broad scanners which tries to cover broad range of systems. more targetted scanners like web-application scanners (e.g. AppScan or WebInspect) does more targetted scanning (e.g. HTTP protocols).

My suggestion is do not confuse between "automated signature based vulnerability scanning" and true "white(or black) box manual(an automated) penetration testing". Both has different scope. I know you didn't ask for this suggestion but I come across a lot of such misunderstanding and hence just added my $0.02.

-Hitesh

----- Original Message ----
From: Aseem Kumar <kumaraseem_at_gmail.com>
To: pen-test_at_securityfocus.com
Sent: Tuesday, July 8, 2008 4:02:48 PM
Subject: How do VA scans work technically

Hey,

Can someone tell me (any weblink , any ebook, or direct answers) as to
how the VA scans like those of Qualys or Nessus work?

How do they find the vulnerabilities of a system without ever exploiting it?

Regards
Aseem

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on Jul 09 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos