Tag: Nessus

  • Nessus Plugin Spotlight: SSL Certificates

    [This was originally published on the Tenable blog.] During the past few weeks, the Tenable R&D team has created several plugins to enhance SSL certificate auditing capability. Nessus will identify SSL certificates regardless of port and launch dozens of plugins to check for a variety of weaknesses and vulnerabilities. Three new plugins expand that auditing…

  • Scanning Large Networks with Nessus

    [This was originally published on the Tenable Blog.] The first time I was asked to scan a Class B network, my initial reaction was “Are you kidding me?” I actually thought it was a trick question to see how I reacted to unexpected situations. I had just two weeks to develop a strategy and perform…

  • Detecting the Recent Adobe 0-Day (APSA10-01) with Nessus

    [This was originally published on the Tenable blog.] On June 4, 2010, Adobe announced a new attack being exploited in the wild that targeted Adobe products, and word spread quickly. Adobe’s security bulletin (APSA10-01) provided few details, but confirmed that attackers were actively exploiting a vulnerability that affected their Flash Player, Adobe Reader and Acrobat.…

  • Microsoft Patch Tuesday Roundup – June 2010 – “Everything is Vulnerable” Edition

    [This was originally published on the Tenable blog.] Here we go again – another massive “Patch Tuesday”, brought to you by Microsoft. This particular bundle addresses 34 vulnerabilities in Windows, IE, Office, .NET Framework, IIS and SharePoint, a tie for the largest vulnerability count in a single Microsoft Patch Tuesday to date. The advisories include a wide…

  • Getting ‘lucky’: When Nessus Finds 0-Days

    [This was originally published on the Tenable blog.] Historically, vulnerability scanners have been signature based: looking for issues based on a static signature, behavior such as banner output or service response output to certain queries. If the scanner was not specifically directed to look for a given vulnerability, it would not find it. Many in…

  • Putting OSVDB to work for Nessus Vulnerability Management

    [This was originally published on the Tenable blog.] A customer recently asked us to provide a count of patches issued in 2009 for various Unix and Linux-based operating systems. To honor their request, we turned to OSVDB, the Open Source Vulnerability Database. OSVDB covers over 60,000 vulnerabilities, spans over 26,000 products and has a powerful search…

  • Using Nessus to call Nikto

    [This was originally published on the Tenable blog.] Earlier this year, Michel Arboi wrote a blog post explaining how to use Nessus to call Nikto and incorporate the results into Nessus output. Most newcomers to Nessus have enabled the nikto.nasl wrapper only to find it produced no output. Some Nessus users have found various ways to ensure…

  • Tenable Training, First Hand

    [This was originally published on the Tenable blog.] As a new Tenable employee, one of my first opportunities was to sit in on recently updated Nessus training classes taught by Tenable’s Training Lead, Matt Franz. Joining me in putting Matt on the hot seat was Tenable CSO Marcus Ranum. As a consultant, I have been…