Highest Voted 'vulnerability-scanners' Questions

2

votes

3 answers

Where to place a vulnerability scanner within a data center

There is currently a debate in my office on the best location to place a vulnerability scanner (a distributed scanner - Rapid7 Nexpose, using scan engines) within a data center. I see two options: Place the virtual appliance in a secured VLAN, open…

firewalls vulnerability-scanners vulnerability

asked Oct 22 '14 at 19:52

appsecguy

435
4
12

2

votes

3 answers

How to determine if someone is scanning my server?

How is possible to determine if someone make requests with tools for pentesting? Is there any linux command?

linux webserver vulnerability-scanners web-scanners

asked Oct 08 '14 at 11:05

Vladimir

209
1
3
4

2

votes

1 answer

Do heuristics exist for modeling the "harmlessness" of a file?

There's a file processing service that looks for some know attacks and sometimes returns messages like: Probably harmless! There are strong indicators suggesting that this file is safe to use. Are there heuristics that model the likelihood that…

vulnerability-scanners threat-modeling

asked May 18 '14 at 18:52

blunders

5,052
4
28
45

2

votes

3 answers

Effectively Pentest a Wordpress Site

When it comes to blackbox pentesting of a Wordpress site, the first thing to come to mind is WPScan [http://wpscan.org/]. While pentesting some sites, I faced a common issue i.e it shows that Wordpress SEO 1.14.15 is vulnerable to Cross Site…

xss vulnerability-scanners wordpress encoding

asked Mar 30 '14 at 07:10

justtrying123

181
2
13

2

votes

2 answers

Internal / external Penetration testing a webserver - PCI

the PCI DSS document states: 11.3.2 Perform internal penetration testing at least annually and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub network added to the…

penetration-test pci-dss vulnerability-scanners network-scanners

asked Mar 11 '14 at 14:22

user1398287

161
1
4

2

votes

1 answer

Is there any useful Android app for security assessments?

I've been thinking for a while about whether or not ask this, as it may be a opinion-based question, but as I have seen a couple of non-closed questions about recommended books, so I think this is the same case. Is there any app for Android which be…

android vulnerability-scanners audit

asked Dec 28 '13 at 10:15

The Illusive Man

10,487
16
56
88

2

votes

2 answers

False positive Apache version in scanner results on Centos

Recently I need to care a lot of false positive vulnerabilities in scanner results on Apache version. Example of false positive vulnerability: Apache 2.2 < 2.2.16 Multiple Vulnerabilities Our customers run scanners and they check Apache version…

vulnerability-scanners apache centos

asked Dec 27 '13 at 16:59

Michael

1,457
1
18
36

2

votes

1 answer

Nessus No host data is available for this scan error

I encountered an error in a Nessus result. Error: No host data is available for this scan. I want to scan IP 192.16x.x.x with Nessus. I scan this IP with nmap and only 2 TCP ports are open. Essentially, the results say the host is up. I…

penetration-test vulnerability-scanners tcp

asked Dec 12 '13 at 08:45

dgn

124
2
4
13

2

votes

2 answers

Import nmap scan results into OpenVAS

I have recently been introduced to OpenVAS for scanning our network at work. I am familiar with nmap, and I am happy with it's performance when used stand-alone from the cli, through iptraf I can see it is scanning at speeds upwards of a thousand…

penetration-test vulnerability-scanners network-scanners nmap

asked Dec 11 '13 at 09:38

Jeffrey L. Roberts

173
2
6

2

votes

2 answers

Organizing scheduled vulnerability scans

I am wondering what others do in regards to setting up their enterprise scheduled vulnerability scan policies. For example do you prefer to create a single scan policy and scan all networks regardless of the hosts platforms (windows, linux, SQL…

vulnerability-scanners

asked Dec 04 '13 at 14:12

m3ta

174
2
8

2

votes

1 answer

how to access to arachni scanner web interface?

I have downloaded Arachni package. It is said in the README file to run bin/arachni_web to access to web interface of this scanner. I run it but no web page appears. I just see these lines: >> Thin web server (v1.5.1 codename Straight Razor) >>…

vulnerability-scanners

asked Jun 09 '13 at 03:10

hd.

131
1
1
4

2

votes

2 answers

Suspect Exchange Server appears to be hacked. How to determine if it was a false positive?

Our security vendor detected that our client's CAS server was doing a nessus scan in the internal network. It's not uncommon for this vendor to issue a false positive, but I'm looking for general guidance on how I should analyze this Windows based…

windows vulnerability-scanners audit network-scanners exchange

asked Feb 19 '13 at 16:04

makerofthings7

50,090
54
250
536

2

votes

2 answers

Why Nessus freezes at 0% and how to fix it?

Does anybody know why Nessus freezes at 0%? I am not sure that I've done the right configuration, but it is becoming painful How long approximately takes to scan one machine?

vulnerability-scanners

asked Jan 31 '13 at 00:13

Alex

412
1
8
14

2

votes

3 answers

How do you test security tools

I am planning to purchase a security tool like fortify, or sonarqube or snyk. How do you evaluate if the scanner really picks up static vulnerabilities and malware, as well runtime attacks? Any good docker image sample which contains good malware…

vulnerability-scanners static-analysis dynamic-analysis

asked Nov 11 '21 at 16:11

user12158726

121
3

2

votes

4 answers

Antivirus Engine based MD5 or SHA1 hash?

I'm trying to understand more about MD5 and SHA1 hashes algorithms and their behavior in serious security software(found this but not helped me more). Why does ClamAV use additional scanning techniques(MD5 for a speciﬁc section in a PE ﬁle,…

hash antivirus vulnerability-scanners md5

asked Dec 05 '12 at 22:47

Marwen Trabelsi

133
1
9

Questions tagged [vulnerability-scanners]