Live Penetration Testing.

Are there any applications or projects to provide this *badly needed service? I'm willing to assist in using or putting together an nmap-type application that scans for known vulnerabilities and attempts to make use of them for security awareness and _,*"prof"*,_ of concept means.

Rant:
* Too often are PCI compliance testings coming up with false positives based on server provided version data. No matter how many times it's spelled out that "These are to be used by authorized/allowed applications (to discover usable features or avoid version conflicts) and not by malicious applications.", there is always someone who is happy for me to change (with the approval of BOFH) the reported version to 0.0.0.

--
To UNSUBSCRIBE, email to debian-security-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...

Re: Live Penetration Testing.

On Wed, Oct 21, 2009 at 09:48, Mike Mestnik <cheako@...> wrote:
> Are there any applications or projects to provide this *badly needed

Hello Mike,

are you referring to something like the OpenVAS project[1]? It is a fork of Nessus. If so, it is currently available for Debian Unstable, and if I am not mistaken, partially available for Debian Stable (Lenny). There is an unofficial Debian repository for OpenVAS packages for lenny, provided by Intevation, a German company behind the development of OpenVAS.

Sorry if I did not understand your question/message fully.

[1] http://openvas.org/

Best regards,
--
Jonás Andradas
Skype: jontux
LinkedIn: http://www.linkedin.com/in/andradas
GPG Fingerprint: 678F 7BD0 83C3 28CE 9E8F 3F7F 4D87 9996 E0C6 9372
Keyservers: pgp.mit.edu | pgp.rediris.es

Re: Live Penetration Testing.

2009/10/21 Mike Mestnik <cheako@...>:
> Are there any applications or projects to provide this *badly needed
> service? I'm willing to assist in using or putting together an
> nmap-type application that scans for known vulnerabilities and attempts to
> make use of them for security awareness and _,*"prof"*,_ of concept
> means.
>
> Rant:
> * Too often are PCI compliance testings coming up with false positives
> based on server provided version data. No matter how many times it's
> spelled out that "These are to be used by authorized/allowed
> applications (to discover usable features or avoid version conflicts)
> and not by malicious applications.", there is always someone who is
> happy for me to change (with the approval of BOFH) the reported version
> to 0.0.0.

You should try Backtrack

http://www.remote-exploit.org/backtrack.html

Bye

--
Matteo Filippetto