Security Basics mailing list archives
Re: Finding Nessus False POsitives
From: miguel.dilaj () pharma novartis com
Date: Mon, 7 Feb 2005 17:51:46 +0000
Hi kaps,

To start with, Nessus also gives you the reference to a CVE or BID. Go to the Common Vulnerabilities and Exposures or Bugtraq websites and READ.

Another very good source is the RFC (Request for Comments) documents that describe a particular protocol. For example, you say that you don't know how to replicate a PUT or DEL request in HTTP. Go to www.rfc-editor.org, search the RFC for the HTTP protocol (probably you'll be interested in v1.1 of the protocol) and READ it.

Cheers,

Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG
www.oissg.org

kaps lock <secnerdkaps () yahoo com> wrote on 07/02/2005 00:16:

> To: security-basics () securityfocus com
> cc: (bcc: Miguel Dilaj/PH/Novartis)
> Subject: Finding Nessus False POsitives
>
> Hi All,
>
> I would like to know how experienced vulnerability assessment analysts determine Nessus results as false positives or not. The way I ascertain whether a result is a false positive or not is by crafting the same HTTP request to the web server. The point where I struggle is how to craft the same request. I mean, if Nessus says "Nessus was able to find the authentication mechanism behind an SMTP server as NTLM", how could I believe or deduce this is true? Or "Nessus could actually upload a test file with PUT and then delete the TEST file with DEL on the web server": how can I determine these to be true?
>
> thanks
> kaps
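The two findings kaps asks about can both be checked by hand with the protocol documents Miguel points to: the HTTP/1.1 request framing (RFC 2616 at the time of this thread) and the SMTP EHLO reply that advertises AUTH mechanisms (RFC 2821 / RFC 2554). The script below is an added example written for this archive page, not code from either poster or from Nessus. It builds a raw PUT/DELETE request pair for a scratch file, reads the status codes back, parses an EHLO reply for the advertised AUTH mechanisms, and turns the results into a verdict on the scanner finding. The host name, the file name `nessus_verify_test.txt` and the sample server replies are constructed for the example; only the functions that parse constructed bytes are exercised in the test, the socket helper is for use against a host you are actually assessing.

```python
import socket

# Scratch object used to confirm the "PUT allowed" finding (constructed name).
TEST_PATH = "/nessus_verify_test.txt"


def build_http_request(method, path, host, body=b""):
    """Build a raw HTTP/1.1 request exactly as RFC 2616 frames it.

    Request line, Host header (mandatory in 1.1), CRLF line endings and a
    Content-Length whenever a body is present, so the server cannot
    misread the framing and give a misleading status code.
    """
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if body:
        lines.append(f"Content-Length: {len(body)}")
        lines.append("Content-Type: text/plain")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def parse_status_line(raw_response):
    """Return the integer status code from the first line of an HTTP reply."""
    status_line = raw_response.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1])


def classify_put_delete(put_status, delete_status):
    """Map the PUT and DELETE status codes onto a verdict for the finding.

    201/200/204 on PUT means the server really stored the file; the DELETE
    result tells you whether the cleanup the scanner claims also worked.
    """
    if put_status in (200, 201, 204) and delete_status in (200, 202, 204):
        return "confirmed"
    if put_status in (200, 201, 204):
        return "put-only"  # upload worked but cleanup failed: scratch file left behind
    return "false-positive"


def ehlo_auth_mechanisms(ehlo_reply):
    """Collect the AUTH mechanisms advertised in a multi-line EHLO reply.

    Lines look like "250-AUTH LOGIN NTLM" (RFC 2554) or the older
    "250-AUTH=LOGIN" form some servers still emit; both are handled.
    """
    mechanisms = set()
    for line in ehlo_reply.decode("ascii", "replace").splitlines():
        if len(line) < 4 or not line.startswith("250"):
            continue
        extension = line[4:].strip()  # skip "250-" or "250 "
        if extension.upper().startswith("AUTH"):
            rest = extension[4:].lstrip("= ")
            mechanisms.update(token.upper() for token in rest.split())
    return mechanisms


def send_raw(host, port, request, timeout=10):
    """Send one raw request over TCP and return everything the server sends back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def verify_put_finding(host, port=80):
    """Replay the scanner's PUT-then-DELETE sequence and classify the outcome."""
    put_status = parse_status_line(
        send_raw(host, port, build_http_request("PUT", TEST_PATH, host, b"verify\n")))
    delete_status = parse_status_line(
        send_raw(host, port, build_http_request("DELETE", TEST_PATH, host)))
    return classify_put_delete(put_status, delete_status)


if __name__ == "__main__":
    # Constructed replies standing in for a real server, so this runs offline.
    sample_put = b"HTTP/1.1 201 Created\r\nContent-Length: 0\r\n\r\n"
    sample_delete = b"HTTP/1.1 204 No Content\r\n\r\n"
    sample_ehlo = (b"250-mail.example.com Hello\r\n"
                   b"250-AUTH LOGIN NTLM\r\n"
                   b"250-AUTH=LOGIN\r\n"
                   b"250 SIZE 10240000\r\n")
    print("PUT finding:", classify_put_delete(parse_status_line(sample_put),
                                              parse_status_line(sample_delete)))
    print("SMTP AUTH mechanisms:", sorted(ehlo_auth_mechanisms(sample_ehlo)))
```

For the SMTP check, connect to port 25, read the banner, send `EHLO yourhost\r\n` and pass the reply to `ehlo_auth_mechanisms`; if `NTLM` is in the returned set the scanner's claim is confirmed without having to authenticate. A `put-only` verdict is worth reporting on its own, since it means a scratch file is now sitting on the server.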