Penetration Testing mailing list archives
Re: False-negatives in several Vulnerability Assessment tools
From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Tue, 15 Apr 2003 23:10:57 -0700 (PDT)
Very Informative article I must say, However, <quote> Numerous Vulnerability Assessment (VA) tools are available for security engineers, pen-testers and network administrators. Their results are mostly trusted by users since they don't have time nor competences to validate that output. </quote> Users should not be the one to validate the output, The result of (VA) tools should be thoroughly identified and manually checked by the <quote> security engineers, pen-testers and network administrators </quote> Another thing, now are we looking towards re-designing of several plugins for other languages and accordingly newer plugins to have different languages versions and it would effect several signatures in various (IDS) too. Did you contacted most if not all (VA) and (IDS) vendors regarding this, and what's their response? Regards -------- Muhammad Faisal Rauf Danka _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Select your own custom email address for FREE! Get you () yourchoice com w/No Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-pen-test ----------------------------------------------------------------------------
Current thread:
- False-negatives in several Vulnerability Assessment tools Nicolas Gregoire (Apr 07)
- <Possible follow-ups>
- Re: False-negatives in several Vulnerability Assessment tools Muhammad Faisal Rauf Danka (Apr 16)
- Re: False-negatives in several Vulnerability Assessment tools R. DuFresne (Apr 16)
- Re: False-negatives in several Vulnerability Assessment tools Jimi Thompson (Apr 17)
- RE: False-negatives in several Vulnerability Assessment tools Craig H. Rowland (Apr 17)
- Port Scanners / Sniffers Review Sam (Apr 24)
- Re: Port Scanners / Sniffers Review cdowns (Apr 24)
- Re: Port Scanners / Sniffers Review Mary-RR (Apr 24)
- Re: Port Scanners / Sniffers Review Paul Vlissidis (Apr 27)
- Re: Port Scanners / Sniffers Review Philippe Biondi (Apr 30)
- Re: False-negatives in several Vulnerability Assessment tools R. DuFresne (Apr 16)