Web App Auditing

4 out of 5 CISOs Don't Scan for Off-Port Web Servers

by Ron Gula on June 27, 2011

An off-port web server is one that doesn't run on the common ports of 80 or 443. Management consoles, development systems, devices that speak HTTP for their protocol and many other systems can run on any port, typically 8080 or 8443.

New Nessus Scan Policy Templates Added in the Plugin Feed

by Paul Asadoorian on April 7, 2011

We are pleased to announce that four new Nessus policy templates will be distributed to Nessus ProfessionalFeed and HomeFeed users via the Nessus plugins feed. This is the first time we've used "push" functionality to send down scan policy templates. The four new Nessus scan policy templates will appear in the "Policies" tab once your Nessus installation has updated the plugins:

External Network Scan - This policy is tuned to scan externally facing hosts, which typically present fewer services to the network. The plugins associated with known web application vulnerabilities (the "CGI Abuses" and "CGI Abuses : XSS" plugin families) are enabled in this policy. Also, all 65,535 ports are scanned on each target.

Nessus: Mythbusters Edition

by Paul Asadoorian on January 20, 2011

I've recently been doing a bit of research into the history of Nessus. I discovered that the first version of Nessus was published in 1998, and any time software has been around for that long there are bound to be some myths and misconceptions that develop as fast as new features over the years. This post will explain some common myths and set the record straight. While we did not generate any large explosions for this post, I dove across the office, just because.

SSL Certificate Authority Auditing with Nessus

by Ron Gula on December 28, 2010

Do you know where all of your organization’s SSL certificates are and if they are providing enough protection to you and your customers? Nessus can be used to identify all SSL certificates in use, test if they are expired and, with the advent of plugin #51192, test that they have been securely signed by a valid certificate authority. This blog entry will review Nessus’s SSL certificate auditing ability and describe how plugin #51192 can help monitor your network for untrustworthy SSL certificates.

Introducing the Nessus Perimeter Service: Redefining the Cost of Online Scanning

by Ron Gula on December 7, 2010

Have you ever wanted to run an external Nessus vulnerability audit of your DMZ but didn’t have access to a Nessus scanner located on the outside of your network? Tenable Network Security now offers the Nessus Perimeter Service, offering unrestricted and unlimited vulnerability scans through annual and thirty-day subscriptions. Scan any number of Internet-facing sites you are authorized to scan from your desktop computer, mobile laptop, iPhone, customer network or wherever is convenient, as often as you want, all for a flat fee. And best of all – if you are a Nessus user, you already know how...

Advanced Web Application Scanning Using Nessus Video

by Paul Asadoorian on November 9, 2010

A new video has been uploaded to the Tenable Security YouTube Channel titled "Advanced Web Application Scanning Using Nessus". Please visit the Tenable YouTube Channel where you can view the above video in High Definition for better picture quality.

Basic Web Application Scanning Using Nessus Video

by Paul Asadoorian on November 4, 2010

A new video has been uploaded to the Tenable Security YouTube Channel titled "Basic Web Application Scanning Using Nessus". Please visit the Tenable YouTube Channel where you can view the above video in High Definition for better picture quality.

Integrating Nikto with Nessus Video

by Paul Asadoorian on October 27, 2010

A new video has been uploaded to the Tenable Security YouTube Channel titled "Integrating Nikto with Nessus". Please visit the Tenable YouTube Channel where you can view the above video in High Definition for better picture quality.

When installing Nikto on Linux systems, here are a few tips:

Nessus Web Application Scanning - New plugins & Configuration

by Paul Asadoorian on August 23, 2010

Zen and the Art of Nessus Web Application Scanning

Tenable’s research and development teams have been steadily adding new features and plugins to the web application scanning functionality in Nessus to detect web application vulnerabilities. These can be grouped into two categories:

Known Web Application Vulnerabilities - Nessus contains over 1,700 plugins that can fingerprint and detect known vulnerabilities in web applications. Any plugin listed in the "CGI Abuses" or "CGI Abuses : XSS" plugin families is written to enumerate vulnerabilities that have been previously reported in a web application product (open-source or commercial). To enable these plugins you MUST enable CGI scanning in a Nessus policy's "Preferences" section. Even if you enable the plugin families, they will not execute if CGI scanning is not enabled.

Previously Unknown Web Application Vulnerabilities - This level of scanning uses fuzzing and other enumeration techniques to detect vulnerabilities that may not yet have been discovered. Each parameter of the web application is tested for SQL injection, cross-site scripting and a large number of other common web application attacks. Nessus has a comprehensive list of attack strings and methods for finding vulnerabilities in web applications. More information about these can be found in the Nessus User Guide.

The following sections provide more detailed information on how to enable features within Nessus to perform more exhaustive web application scans. Please note that use of these features will cause your scans to run longer!

Web Application Test Settings

Highlighted in red are two options that direct Nessus to be more comprehensive.

Detecting ALL of Your Websites Passively and Continuously

by Ron Gula on July 19, 2010

Web application auditing is really difficult if you don’t know about the presence of a website or specific application. You may not know about a web server. You may not know what applications run on that single web server. You may even have malicious websites installed on your network by malware or Trojans. Nessus is great for scanning and finding web servers, even on uncommon ports, but you need to scan often to get the most benefit. Fortunately, Tenable’s Passive Vulnerability Scanner (PVS) can discover new web servers and all of their active web sites in real-time and without any impact to your network. This blog discusses how the PVS can be used to audit networks to find all authorized and malicious websites in use.
