Chapter 9. Vulnerability Assessment
9.3.2. Nessus
Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize
it for their systems and networks. As with any scanner, Nessus is only as good as the signature database
it relies upon. Fortunately, Nessus is updated on a daily basis. It features full reporting, host scanning,
and real-time vulnerability searches. Remember that there could be false positives and false negatives,
even in a tool as powerful and as frequently updated as Nessus.
Note
Nessus is not included with Red Hat Linux and is not supported. It has been included in this
document as a reference to users who may be interested in using this popular application.
For more information about Nessus, refer to the official website at http://www.nessus.org.
9.3.3. Whisker
Whisker is an excellent CGI scanner. Whisker has the capability to not only check for CGI
vulnerabilities but do so in an evasive manner, so as to elude intrusion detection systems. It comes with
excellent documentation which should be carefully reviewed prior to running the program. When
you have found your Web servers serving up CGI scripts, Whisker can be an excellent resource for
checking the security of these servers.
Note
Whisker is not included with Red Hat Linux and is not supported. It has been included in this
document as a reference to users who may be interested in using this popular application.
More information about Whisker can be found at http://www.wiretrip.net.
9.3.4. VLAD the Scanner
VLAD is a scanner developed by the RAZOR team at Bindview, Inc. that may be used to check for
vulnerabilities. It checks for the SANS Top Ten list of common security issues (SNMP issues, file
sharing issues, etc.). While not as full-featured as Nessus, VLAD is worth investigating.
Note
VLAD is not included with Red Hat Linux and is not supported. It has been included in this document
as a reference to users who may be interested in using this popular application.
More information about VLAD can be found on the Tools page on the RAZOR team website at
http://razor.bindview.com/index.shtml.





