On 01.10.2014 at 16:52, Brandon Perry wrote:
> I agree that utilities like dirb and nikto are useful as plugins for OpenVAS
> since these are generally applicable to any web server.
>
> Arachni and wapiti require such application specific configurations that I
> wouldn't want to give people using OpenVAS the idea that running arachni
> through OpenVAS is as good as running it independently. Both are very
> powerful (particularly arachni), but I do think they almost serve a different
> purpose than OpenVAS in that OpenVAS in my mind is about finding and
> remediating known vulnerabilities such as missing patches and a /backup
> folder on a web server.
>
> Finding SQL injections and XSS should be in the development lifecycle, not
> the patch management and insecure configuration discovery

no - finding SQL injections and XSS is *by definition* the purpose of a 
security scan


_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
