
Presentation "Using Nessus In Web Application Assessments"

At a recent OWASP meeting in Princeton, NJ I gave a short presentation on some techniques to have Nessus dig deeper into your web applications. There are several approaches to web application testing:

    "Blind Tests" - Often a penetration tester is provided a range of address spaces and some rules of engagement to define the parameters of the test. Information such as which IP addresses and/or hostnames are running web servers is not typically provided, nor is a list of which web applications are running on those web servers. Nessus contains functionality to identify running web servers and vulnerable web applications, which is very useful if you have large amounts of address space to scan. This does not replace manual testing, but provides a starting point for detailed web application tests.

    Targeted Scanning - If you are scanning internally you may want to configure scans that specifically target your web servers. Nessus has many features that can be tuned to generate more details from these scans. There are several options, such as "CGI scanning", that can test web applications for the "low hanging fruit". While Nessus does contain some functionality to test for XSS and SQL injection, it is not a replacement for manual testing or for the specific scans and tests that can be performed with a pure web application testing tool (or suite of tools).

    Local patch and configuration auditing - When provided credentials, Nessus can log into your web and database servers and check for the latest patches and configuration settings. This is a great way to ensure that your web application environment is hardened against attacks. Auditing the configuration against industry standards, such as the OWASP Top 10 List, can help prevent successful attacks that rely on mis-configuration (such as PHP's "safe_mode" setting).
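As an added illustration of the kind of local configuration check described in the last item (this is example code written for this post, not Nessus's .audit format and not from the presentation), the following parses a constructed php.ini and compares directives such as safe_mode against an assumed, hypothetical policy; a commented-out or absent directive is reported as a finding because PHP then falls back to its compiled-in default.

```python
"""Local configuration audit of a php.ini file.

Added example, not Nessus's own audit format. The expected values in
EXPECTED are assumptions chosen for the illustration, not an official
hardening standard."""


# Constructed sample php.ini: note the [section] header, the commented-out
# directive, the trailing ';' comment and the quoted value.
SAMPLE_PHP_INI = """
[PHP]
; display_errors = Off      <- commented out, so it is not in effect
safe_mode = Off ; trailing comment
expose_php = "On"
"""

# Hypothetical policy: directive -> value the policy expects.
EXPECTED = {
    "safe_mode": "on",
    "display_errors": "off",
}


def parse_php_ini(text):
    """Return {directive: value} for active (uncommented) directives.
    Values are lower-cased, with trailing comments and quotes removed."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#" or line.startswith("["):
            continue  # blank line, comment, or [section] header
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key = value directive
        value = value.split(";", 1)[0]  # drop trailing ';' comment
        settings[key.strip().lower()] = value.strip().strip('"\'').lower()
    return settings


def audit(text, expected=EXPECTED):
    """Return a list of (directive, found, expected) findings.
    A missing directive is a finding too: PHP uses its built-in default."""
    settings = parse_php_ini(text)
    findings = []
    for key, want in expected.items():
        got = settings.get(key)
        if got is None:
            findings.append((key, "missing", want))
        elif got != want:
            findings.append((key, got, want))
    return findings


if __name__ == "__main__":
    for key, got, want in audit(SAMPLE_PHP_INI):
        print(f"FAIL {key}: found {got!r}, expected {want!r}")
```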

You can download the slides from the presentation and see step-by-step how to configure Nessus to scan web applications, the options available for local checking and configuration auditing, and even how to tune the audit policies with custom checks.
