[Owasp-delhi] Tools for Web Server V A

Nipun Gupta nipuntronix at gmail.com
Mon Feb 22 02:50:19 EST 2010


Dear all,

 

I think Nessus is the best tool available for web server VA yet. You can use
also Bastille templates for OS (Unix type) hardening. Nessus is tried and
tested, plus it is patched regularly. 

 

Thank you and I hope that helps, 

 

Nipun Gupta

MSIT-Information Security

Carnegie Mellon University  

 

From: owasp-delhi-bounces at lists.owasp.org
[mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Munish Seth
Sent: Monday, February 22, 2010 12:47 AM
To: Neelu Tripathy; suresh tiwary
Cc: owasp-delhi at lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A

 

Hi,

 

There is one more opensource tool available which keeps on getting free
feeds.

 

Regards,

 

Munish

 

From: owasp-delhi-bounces at lists.owasp.org
[mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Friday, February 19, 2010 10:28 AM
To: suresh tiwary
Cc: owasp-delhi at lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A

 


Hi , 

      Yes, NESSUS can be used for web server VA. It is recommended to use
the professional feeds, though. Besides you can fine tune your tests for IIS
in NESSUS. 


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripathy at tcs.com
Website:  <http://www.tcs.com/> http://www.tcs.com
____________________________________________
Experience certainty.        IT Services
                       Business Solutions
                       Outsourcing
____________________________________________ 


From: 

"suresh tiwary" <sureshtiwary at rediffmail.com> 


To: 

<owasp-delhi at lists.owasp.org> 


Cc: 

<neelu.tripathy at tcs.com>, <ra.shrivastava08 at gmail.com>,
<shekhar.aryan at me.com>, <vinodh.kiran at teaqtech.com> 


Date: 

02/18/2010 05:50 PM 


Subject: 

[Owasp-delhi] Tools for Web Server V A

 

  _____  




Dear OWASP Delhi,

Thank you all for the good information. but i am still confused whether
"NESSUS" is a web server vulnerability assessment tool or a Network
Assessment tool.

Please suggest. 

The situation is: I have to perform the V.A of IIS using a tool. So how do I
start, Use NESSES and proceed or use any commercial tool. If commercial
tool, then which is the widely accepted commercial tool. A organization cant
have multiple commerical tool, so suggest A few commercial tools that can
perform web server V.A.

Also any checklist for IIS V.A ? 

Thanks & regards,
Suresh

Note: Forwarded message attached

-- Original Message --

From: "Vinodh Kiran S" vinodh.kiran at teaqtech.com
To: sureshtiwary at rediffmail.com
Cc: neelu.tripathy at tcs.com, ra.shrivastava08 at gmail.com
Subject: FW: [Owasp-delhi] Tools for Web Server V A 

	



----- Message from "Vinodh Kiran S" <vinodh.kiran at teaqtech.com> on Unknown
----- 


To:

<sureshtiwary at rediffmail.com> 


cc:

<neelu.tripathy at tcs.com>, <ra.shrivastava08 at gmail.com> 


Subject:

FW: [Owasp-delhi] Tools for Web Server V A


Dear Suresh, 
  
In continuation of the below recommendations from Rahul and Neelu, I just
wanted to let you know that we represent Core Security (Providers of Core
Impact), here in India.  The attached datasheet will give you a quick
overview. I would like to know your thoughts on this. Please do contact me
for any further assistance. 
  
Good Day! 
  
Regards, 
  
Vinodh Kiran S |Sr. Manager - ECM | Cell: +91 (0) 9900247424 
  


  
Teaq Technologies Pvt. Ltd. 
#320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80)
4161 2610 
  
  
  
From: owasp-delhi-bounces at lists.owasp.org [
<mailto:owasp-delhi-bounces at lists.owasp.org>
mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Wednesday, February 17, 2010 4:11 PM
To: suresh tiwary
Cc: owasp-delhi at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A 
  

Hi Suresh, 

    Apart from what Rahul suggested, you can also for GFI Languard or Core
Impact (both proprietary). For a better hands-on and/or manual assessment,
try using Metasploit (Opensource), though that might be more on the PT side.



Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripathy at tcs.com


From: 

"suresh tiwary" <sureshtiwary at rediffmail.com> 


To: 

<owasp-delhi at lists.owasp.org> 


Date: 

02/17/2010 11:46 AM 


Subject: 

[Owasp-delhi] Tools for Web Server V A 


Sent by: 

owasp-delhi-bounces at lists.owasp.org


  

 

  _____  





Issue: Tools for web server V A for IIS, Apache etc ?

Dear OWASP Delhi,

Can anyone provide complete and comprehensive information, sites of web
server vulnerability assessment by manual method and by automated tools.

1. What are the free tools / open source tools actually and 
practically used for web serv V A ?

2. What are the commercial tools used for automated web server V A ?

3. How a manual web server v a is conducted ? Any checklist and the 
practical process.

4. People can share their web server v a experience.

Thanks & regards,
Suresh 

	



_______________________________________________
Owasp-delhi mailing list
Owasp-delhi at lists.owasp.org
 <https://lists.owasp.org/mailman/listinfo/owasp-delhi>
https://lists.owasp.org/mailman/listinfo/owasp-delhi 
=====-----=====-----===== 
Notice: The information contained in this e-mail 
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you 
  
 [attachment "CORE_IMPACT_Pro.pdf" deleted by Neelu Tripathy/TVM/TCS] 

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or
 telephone and 
immediately and permanently delete the message 
and any attachments. Thank you
 
 




Confidentiality Notice: "This message and any attachment(s) contained here
are information that is confidential, proprietary to IDS Infotech Ltd. and
its customers. Contents may be privileged or otherwise protected by law. The
information is solely intended for the individual or the entity it is
addressed to. If you are not the intended recipient of this message, you are
not authorized to read, forward, print, retain, copy or disseminate this
message or any part of it. If you have received this e-mail in error, please
notify the sender immediately by return e-mail and delete it from your
computer." 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100222/00a1c9af/attachment-0001.html 


More information about the Owasp-delhi mailing list