Hi Chris,

Without knowing the configuration of your MSP (are they on Nessus 2 or Nessus 3) it will be difficult to duplicate it.

I suggest you try the following:

- upgrade to Nessus 3 (it's much faster)
- enable thorough checks (there is a blog entry we wrote about how to configure external audits)
- increase the number of web pages being cached in the KB.
- make sure you are auditing from outside your network (I've worked with a lot of folks trying to duplicate their MSP's scans from an internal vantage point that is crippled by a proxy, firewall, NAT or some other mechanism)
- ask your MSP for their Nessus configuration so you can see the settings.

Ron Gula
Tenable Network Security

Christopher Ashby wrote:
> All-
>
> I have Nessus 2.2.10 running on a Linux distro, with the registered feed. I'm updating my plugins whenever I need to complete an internal vulnerability scan.
>
> Upon further inspection, I have noticed that Nessus isn't discovering XSS vulnerabilities as XSS but labeling them CGI discovery notices? I'm confused... Let me explain:
>
> On a monthly basis we receive vulnerability scans from a third party (Trust Wave), for our PCI Compliance. Some of you may be aware, the requirements have changed, and thus we received a (preview) scan with the updated requirements. As such I loaded my Nessus, ran a scan on the same servers, and discovered some issues, BUT not the issues they discovered, namely XSS on an apache map database server.
>
> My question is, am I missing something from Nessus (configuration setting or plugin) that is not allowing me to discover XSS issues in my apache web servers? I have done extensive research into many plugins and have most, if not all of them loaded. I have mucked with the scanning options, turning on all malicious or experimental settings with still no luck.
>
> I'm just looking for Nessus to output the same results as those received. I am not looking for the same wording, just the same score (CVS# or CVSS2#) and vulnerabilities discovered.
>
> (We are planning on upgrading Nessus to the latest version with a new box, and obtaining the direct feed within the next month, but would like this resolved if possible before that)
>
> Any help would be appreciated!
>
> Thanks
> Christopher
>
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
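As an added example (not code from either poster or from Tenable), a small script that compares two Nessus NBE exports finding by finding, so that the plugins which fired only in the MSP's scan can be listed and traced back to configuration or vantage-point differences. The NBE lines, hosts and plugin IDs below are constructed placeholders, not real scan data.

```python
"""Compare two Nessus NBE exports and list findings present in only one of them.

NBE result records are pipe-delimited:
    results|subnet|host|port|plugin_id|severity|description
Other record types (timestamps, hosts) carry no findings and are skipped.
"""
from collections import namedtuple

Finding = namedtuple("Finding", "host port plugin severity")

# Constructed sample: an internal scan that only saw CGI/server notes ...
INTERNAL_SCAN = """\
results|10.0.0|10.0.0.5|http (80/tcp)|10001|Security Note|HTTP server type and version (constructed)
results|10.0.0|10.0.0.5|http (80/tcp)|10002|Security Note|CGI directory found (constructed)
timestamps|||scan_end|Tue Mar  4 12:00:00 2008|
"""

# ... and the MSP's external scan, which additionally reported an XSS finding.
MSP_SCAN = """\
results|10.0.0|10.0.0.5|http (80/tcp)|10001|Security Note|HTTP server type and version (constructed)
results|10.0.0|10.0.0.5|http (80/tcp)|99999|Security Warning|Cross-site scripting (constructed plugin id)
"""


def parse_nbe(text):
    """Return the set of Finding tuples in an NBE export."""
    findings = set()
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) < 6 or fields[0] != "results":
            continue  # not a result record
        _, _, host, port, plugin, severity = fields[:6]
        findings.add(Finding(host, port, plugin, severity))
    return findings


def diff_scans(ours, theirs):
    """Return (findings only in theirs, findings only in ours), sorted for stable output."""
    a, b = parse_nbe(ours), parse_nbe(theirs)
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    missing, extra = diff_scans(INTERNAL_SCAN, MSP_SCAN)
    for f in missing:
        print(f"MSP only : {f.host} {f.port} plugin {f.plugin} [{f.severity}]")
    for f in extra:
        print(f"local only: {f.host} {f.port} plugin {f.plugin} [{f.severity}]")
```

Each "MSP only" plugin ID is a concrete thing to check against the MSP's settings (thorough checks, KB page cache, scan origin) rather than comparing report wording.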
