Tenable and SCAP 1.1

by Kelly Todd
January 19, 2011

Tenable recently announced that SecurityCenter 4 has been validated by NIST as conforming to the Security Content Automation Protocol (SCAP) version 1.0. The specifications for the latest version of SCAP, 1.1, have recently been released through NIST’s third public draft of Special Publication 800-126 Rev. 1, and the revision is currently open until January 28 for public comment on implementation, content or functional issues within the specification. Tenable is already focusing on the changes included in SCAP 1.1 and will incorporate them into both SecurityCenter and Tenable’s xTool, which is used to parse XCCDF SCAP content available from NIST and also convert SecurityCenter reports into the FDCC reporting format.

SecurityCenter 4 Receives FDCC and SCAP Validated Tool Certification

by Kelly Todd
December 22, 2010

Tenable Network Security is pleased to announce that SecurityCenter 4 has recently been validated by the National Institute of Standards and Technology (NIST) as conforming to the Security Content Automation Protocol (SCAP) and its component standards. As of December 16, 2010, SecurityCenter 4 is SCAP validated for the following capabilities:

Continuous SSL Certificate Monitoring - not just for HTTPS

by Ron Gula
October 15, 2010

Does your organization use “secure communication” channels, such as HTTPS? Has your IT staff placed trusted certificates on all of your critical and important web services? What about your SMTP, FTP, IMAP, LDAP, POP3, ACAP, NNTP and XMPP servers? Have any of your certificates expired? Have hackers compromised your servers and replaced their certificates with fake ones? Secure communications with SSL are a lot more complicated than simply going to sites that have an “https” in front of them. This blog entry discusses how active scanning with the Nessus vulnerability scanner and network monitoring with the Passive Vulnerability Scanner (PVS) can be leveraged for continuous monitoring of your SSL certificate infrastructure.

Using Nessus for OWASP and PCI Web Audits

by Ron Gula
October 6, 2010

Tenable has released a technical paper named "Demonstrating Compliance with Nessus Web Application Scans". It details how OWASP Top 10 and Payment Card Industry web audits can be performed with Nessus scanners. This is a technical paper, and specific attention is given to which Nessus plugins can be used to perform the various OWASP types of testing. For example, below is an excerpt from the paper's chapter on OWASP A5 - Cross Site Request Forgery.

Apple Security Update 2010-006, File Sharing and Mac OS X defaults

by Renaud Deraison
September 22, 2010

On Monday, Apple released Security Update 2010-006, which fixes an “error handling” issue in the AFP (Apple Filing Protocol) server that may allow an attacker to log in as another user with a malformed password, provided he has “knowledge of an account name” on the remote system:


We see enough Mac OS X systems with AFP enabled in universities to spend some time on this flaw and revisit the Mac OS X file sharing abilities and default settings.

Nessus ‘Here You Have’ Worm Detection Plugin Released

by Brian Martin
September 14, 2010

Many corporations spent last weekend playing “Whack-a-Worm”, attempting to eradicate the “Here You Have” worm. The major problem with viruses and worms is that once you think you have removed them from your network, another outbreak pops up. Nessus plugin 49211, “Here You Have Email Worm Detection”, has been added to the plugin feed and is available for both ProfessionalFeed and HomeFeed users. This plugin examines a Microsoft Windows system to detect the presence of the “Here You Have” worm. Note that you will need credentials on the target system for this plugin to work.

Scanning Large Networks with Nessus

by Brian Martin
August 2, 2010


The first time I was asked to scan a Class B network, my initial reaction was “Are you kidding me?” I actually thought it was a trick question to see how I reacted to unexpected situations. I had just two weeks to develop a strategy and perform the scan. This seemed to be a daunting task.

Ten years later, I had provided assessments for Class B (or bigger) networks over a dozen times, mostly for government agencies and the occasional university. Performing an audit of tens of thousands of IP addresses is no different from any other audit, unless time is restrictive. Large IP blocks in small time periods require you to revise your normal assessment methodology. Where you typically scan 65,535 ports on a machine, you may only be able to scan a dozen or two. Instead of examining every open port on a machine, time constraints may force you to focus on low-hanging fruit and services that are prone to high-risk vulnerabilities.

Developing a Methodology

Thinking about the polar opposites in assessment, you have a single IP address on one side, and a Class B network on the other. Adjusting your methodology to account for the number of machines becomes a balancing act between allotted time and number of targets. As the number of systems to scan increases, while the time allocated to scan remains constant, the amount of time per system must decrease.

Plugin Highlight - Web Application Tests : Load Estimation (ID 33817)

by Paul Davis
July 26, 2010

Web application testing with automated scanners can be tricky business. While testing various target web servers, I found that some targets seemed to finish in a relatively short period, while others took days - or never seemed to complete at all. This occurred despite the fact that I often used identical test settings and relatively conservative scan settings for the different targets.

While troubleshooting this apparent disparity, I came across a useful plugin that helped me see a little of what was going on in the background. The plugin is Nessus Plugin ID 33817 “Web Application Tests : Load Estimation”.

Tenable Reaches 100th Employee

by Kelly Todd
July 19, 2010

For the past several months, Tenable Network Security has been creating and filling new positions within the company. As we continue to grow, Tenable has been steadily working to improve Nessus and its line of Enterprise products, and we have recently added our 100th employee to our roster… but we’re not done yet. Tenable currently has nine open positions listed on our Careers page, including career opportunities in Development, Engineering, Training and Sales.

Among the positions listed is a “Digital/Web Strategy Coordinator”, which is designed to develop and maintain Tenable’s customer-facing websites. The ideal candidate for this position will have a unique blend of technical and marketing skills, excellent communication skills and the ability to work on multiple strategic projects simultaneously. This position reports to the Director of Marketing and will work closely with our Sales, Development and Content groups to improve our existing online presence and complete new online projects.

Tenable’s Director of Marketing, Susan Corbin, says, “This position is a great opportunity for someone who enjoys taking an idea or concept, formulating a marketing strategy around that concept, and then working the project through to completion. It is a very hands-on role with a lot of room for learning and growth potential, which is perfect for someone who wants to get some real-world marketing experience under their belt.”

Detecting the Recent Adobe 0-Day (APSA10-01) with Nessus

by Brian Martin
June 11, 2010

On June 4, 2010, Adobe announced a new attack being exploited in the wild that targeted Adobe products, and word spread quickly. Adobe’s security bulletin (APSA10-01) provided few details, but confirmed that attackers were actively exploiting a vulnerability that affected their Flash Player, Adobe Reader and Acrobat. The advisory provided some immediate mitigation techniques such as upgrading Flash Player to 10.1 RC or removing access to authplay.dll for Reader or Acrobat.