Re: [Owasp-delhi] Tools for Web Server V A

[Neelu Tripathy]

Hi ,

      Yes, NESSUS can be used for web server VA. It is recommended to use 
the professional feeds, though. Besides you can fine tune your tests for 
IIS in NESSUS.


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.   IT Services
                        Business Solutions
                        Outsourcing
____________________________________________



From:
"suresh tiwary" <sureshtiw...@rediffmail.com>
To:
<owasp-delhi@lists.owasp.org>
Cc:
<neelu.tripa...@tcs.com>, <ra.shrivastav...@gmail.com>, 
<shekhar.ar...@me.com>, <vinodh.ki...@teaqtech.com>
Date:
02/18/2010 05:50 PM
Subject:
[Owasp-delhi] Tools for Web Server V A



Dear OWASP Delhi,

Thank you all for the good information. but i am still confused whether 
"NESSUS" is a web server vulnerability assessment tool or a Network 
Assessment tool.

Please suggest. 

The situation is: I have to perform the V.A of IIS using a tool. So how do 
I start, Use NESSES and proceed or use any commercial tool. If commercial 
tool, then which is the widely accepted commercial tool. A organization 
cant have multiple commerical tool, so suggest A few commercial tools that 
can perform web server V.A.

Also any checklist for IIS V.A ? 

Thanks & regards,
Suresh

Note: Forwarded message attached

-- Original Message --

From: "Vinodh Kiran S" vinodh.ki...@teaqtech.com
To: sureshtiw...@rediffmail.com
Cc: neelu.tripa...@tcs.com, ra.shrivastav...@gmail.com
Subject: FW: [Owasp-delhi] Tools for Web Server V A


----- Message from "Vinodh Kiran S" <vinodh.ki...@teaqtech.com> on Unknown 
-----
To:
<sureshtiw...@rediffmail.com>
cc:
<neelu.tripa...@tcs.com>, <ra.shrivastav...@gmail.com>
Subject:
FW: [Owasp-delhi] Tools for Web Server V A
Dear Suresh,
 
In continuation of the below recommendations from Rahul and Neelu, I just 
wanted to let you know that we represent Core Security (Providers of Core 
Impact), here in India.  The attached datasheet will give you a quick 
overview. I would like to know your thoughts on this. Please do contact me 
for any further assistance.
 
Good Day!
 
Regards,
 
Vinodh Kiran S |Sr. Manager ? ECM | Cell: +91 (0) 9900247424
 


 
Teaq Technologies Pvt. Ltd.
#320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80) 
4161 2610 
 
 
 
From: owasp-delhi-boun...@lists.owasp.org [
mailto:owasp-delhi-boun...@lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Wednesday, February 17, 2010 4:11 PM
To: suresh tiwary
Cc: owasp-delhi@lists.owasp.org; owasp-delhi-boun...@lists.owasp.org
Subject: Re: [Owasp-delhi] Tools for Web Server V A
 

Hi Suresh, 

     Apart from what Rahul suggested, you can also for GFI Languard or 
Core Impact (both proprietary). For a better hands-on and/or manual 
assessment, try using Metasploit (Opensource), though that might be more 
on the PT side. 


Regards,
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services
Mailto: neelu.tripa...@tcs.com


From: 
"suresh tiwary" <sureshtiw...@rediffmail.com> 
To: 
<owasp-delhi@lists.owasp.org> 
Date: 
02/17/2010 11:46 AM 
Subject: 
[Owasp-delhi] Tools for Web Server V A 
Sent by: 
owasp-delhi-boun...@lists.owasp.org
 




Issue: Tools for web server V A for IIS, Apache etc ?

Dear OWASP Delhi,

Can anyone provide complete and comprehensive information, sites of web 
server vulnerability assessment by manual method and by automated tools.

1. What are the free tools / open source tools actually and 
practically used for web serv V A ?

2. What are the commercial tools used for automated web server V A ?

3. How a manual web server v a is conducted ? Any checklist and the 
practical process.

4. People can share their web server v a experience.

Thanks & regards,
Suresh 



_______________________________________________
Owasp-delhi mailing list
Owasp-delhi@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you
 
 [attachment "CORE_IMPACT_Pro.pdf" deleted by Neelu Tripathy/TVM/TCS] 

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you



_______________________________________________
Owasp-delhi mailing list
Owasp-delhi@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi