Providing credentials to Nessus so that it can log into the systems being scanned is a very effective method of vulnerability scanning. It enables the scanner to provide a patch audit, perform local operating system identification and port scanning, and audit the configuration files present on the target. For web application testing, credentials allow Nessus to enumerate and detect vulnerabilities inside the application, ensuring that a larger percentage of functionality is tested. The following two videos cover how to perform network-based credentialed scanning and how to provide credentials for web application scanning using Nessus 4.2.
Network-based Credentialed Scanning & Patch Auditing
Nessus 4.2 - Web Application Scanning With Credentials
- Asking for Credentials from IT
- Protecting Scanning Credentials from Malicious Insiders
- 3 Reasons You Should Be Using Credentialed Scanning (By Jason Holcomb, Digital Bond)