While I was reviewing ICSA "Network IPS Corporate Testing Criteria" I
really got the impression that they used a fairly outdated set of
vulnerabilities.
Most of the 219 vulnerabilities they used date back to 2001-2004.
Only 18 of them are from 2005 and none are from 2006, although the year
hasn't really been vulnerability-less.
It also seems that they didn't test any replays of client side stuff
which is certainly something that's on the rise ...
Although their list is pretty enterprise oriented, I'm still missing
stuff like Tomcat, MySQL, DB2, malformed SIP.
What do you think?
Any pointers to exploits, applications that must be included in such an
enterprise ready test ....
Thanks
Ronny