[Owasp-delhi] Tools for Web Server V A

Satyajit Das mr.satyajitdas at gmail.com
Fri Feb 19 01:19:39 EST 2010


hi All,

A site which can assist:

http://www.vulnerabilityscanning.com/Web-Servers-Security.htm

regards,
satyajit


On 2/19/10, Neelu Tripathy <neelu.tripathy at tcs.com> wrote:
>
>
> Hi ,
>
>       Yes, NESSUS can be used for web server VA. It is recommended to use
> the professional feeds, though. Besides you can fine tune your tests for IIS
> in NESSUS.
>
>
> Regards,
> Neelu Tripathy
> Security Analyst,  TEG
> Tata Consultancy Services
> Mailto: neelu.tripathy at tcs.com
> Website: http://www.tcs.com
> ____________________________________________
> Experience certainty.        IT Services
>                        Business Solutions
>                        Outsourcing
> ____________________________________________
>
>
>   From: "suresh tiwary" <sureshtiwary at rediffmail.com>  To: <
> owasp-delhi at lists.owasp.org>  Cc: <neelu.tripathy at tcs.com>, <
> ra.shrivastava08 at gmail.com>, <shekhar.aryan at me.com>, <
> vinodh.kiran at teaqtech.com> Date: 02/18/2010 05:50 PM Subject: [Owasp-delhi]
> Tools for Web Server V A
> ------------------------------
>
>
>
> Dear OWASP Delhi,
>
> Thank you all for the good information. but i am still confused whether
> "NESSUS" is a web server vulnerability assessment tool or a Network
> Assessment tool.
>
> Please suggest.
>
> The situation is: I have to perform the V.A of IIS using a tool. So how do
> I start, Use NESSES and proceed or use any commercial tool. If commercial
> tool, then which is the widely accepted commercial tool. A organization cant
> have multiple commerical tool, so suggest A few commercial tools that can
> perform web server V.A.
>
> Also any checklist for IIS V.A ?
>
> Thanks & regards,
> Suresh
>
> Note: Forwarded message attached
>
> -- Original Message --
>
> From: "Vinodh Kiran S" vinodh.kiran at teaqtech.com
> To: sureshtiwary at rediffmail.com
> Cc: neelu.tripathy at tcs.com, ra.shrivastava08 at gmail.com
> Subject: FW: [Owasp-delhi] Tools for Web Server V A  <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/[email protected]?>
>
> ----- Message from "Vinodh Kiran S" <vinodh.kiran at teaqtech.com> on Unknown
> -----
> *To:*
> <sureshtiwary at rediffmail.com>
> *cc:*
> <neelu.tripathy at tcs.com>, <ra.shrivastava08 at gmail.com>
> *Subject:*
> FW: [Owasp-delhi] Tools for Web Server V A
> Dear Suresh,
>
> In continuation of the below recommendations from Rahul and Neelu, I just
> wanted to let you know that we represent Core Security (Providers of Core
> Impact), here in India.  The attached datasheet will give you a quick
> overview. I would like to know your thoughts on this. Please do contact me
> for any further assistance.
>
> Good Day!
>
> Regards,
>
> Vinodh Kiran S |Sr. Manager – ECM | Cell: +91 (0) 9900247424
>
>
>
> * *
> *Teaq Technologies Pvt. Ltd.*
> #320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80)
> 4161 2610
>
>
>
> *From:* owasp-delhi-bounces at lists.owasp.org [
> mailto:owasp-delhi-bounces at lists.owasp.org<owasp-delhi-bounces at lists.owasp.org>]
> *On Behalf Of *Neelu Tripathy*
> Sent:* Wednesday, February 17, 2010 4:11 PM*
> To:* suresh tiwary*
> Cc:* owasp-delhi at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org*
> Subject:* Re: [Owasp-delhi] Tools for Web Server V A
>
>
> Hi Suresh,
>
>     Apart from what Rahul suggested, you can also for GFI Languard or Core
> Impact (both proprietary). For a better hands-on and/or manual assessment,
> try using Metasploit (Opensource), though that might be more on the PT side.
>
>
> Regards,
> Neelu Tripathy
> Security Analyst,  TEG
> Tata Consultancy Services
> Mailto: neelu.tripathy at tcs.com
>
>   From: "suresh tiwary" <sureshtiwary at rediffmail.com>  To: <
> owasp-delhi at lists.owasp.org>  Date: 02/17/2010 11:46 AM  Subject: [Owasp-delhi]
> Tools for Web Server V A
>  Sent by: owasp-delhi-bounces at lists.owasp.org
>
>
>
> ------------------------------
>
>
>
>
> Issue: Tools for web server V A for IIS, Apache etc ?
>
> Dear OWASP Delhi,
>
> Can anyone provide complete and comprehensive information, sites of web
> server vulnerability assessment by manual method and by automated tools.
>
> 1. What are the free tools / open source tools actually and
> practically used for web serv V A ?
>
> 2. What are the commercial tools used for automated web server V A ?
>
> 3. How a manual web server v a is conducted ? Any checklist and the
> practical process.
>
> 4. People can share their web server v a experience.
>
> Thanks & regards,
> Suresh
>
>
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org*
> **https://lists.owasp.org/mailman/listinfo/owasp-delhi*<https://lists.owasp.org/mailman/listinfo/owasp-delhi>
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>  [attachment "CORE_IMPACT_Pro.pdf" deleted by Neelu Tripathy/TVM/TCS]
>
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>
>
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100219/9945aeab/attachment.html 


More information about the Owasp-delhi mailing list