hi All, A site which can assist:
http://www.vulnerabilityscanning.com/Web-Servers-Security.htm regards, satyajit On 2/19/10, Neelu Tripathy <neelu.tripa...@tcs.com> wrote: > > > Hi , > > Yes, NESSUS can be used for web server VA. It is recommended to use > the professional feeds, though. Besides you can fine tune your tests for IIS > in NESSUS. > > > Regards, > Neelu Tripathy > Security Analyst, TEG > Tata Consultancy Services > Mailto: neelu.tripa...@tcs.com > Website: http://www.tcs.com > ____________________________________________ > Experience certainty. IT Services > Business Solutions > Outsourcing > ____________________________________________ > > > From: "suresh tiwary" <sureshtiw...@rediffmail.com> To: < > owasp-delhi@lists.owasp.org> Cc: <neelu.tripa...@tcs.com>, < > ra.shrivastav...@gmail.com>, <shekhar.ar...@me.com>, < > vinodh.ki...@teaqtech.com> Date: 02/18/2010 05:50 PM Subject: [Owasp-delhi] > Tools for Web Server V A > ------------------------------ > > > > Dear OWASP Delhi, > > Thank you all for the good information. but i am still confused whether > "NESSUS" is a web server vulnerability assessment tool or a Network > Assessment tool. > > Please suggest. > > The situation is: I have to perform the V.A of IIS using a tool. So how do > I start, Use NESSES and proceed or use any commercial tool. If commercial > tool, then which is the widely accepted commercial tool. A organization cant > have multiple commerical tool, so suggest A few commercial tools that can > perform web server V.A. > > Also any checklist for IIS V.A ? > > Thanks & regards, > Suresh > > Note: Forwarded message attached > > -- Original Message -- > > From: "Vinodh Kiran S" vinodh.ki...@teaqtech.com > To: sureshtiw...@rediffmail.com > Cc: neelu.tripa...@tcs.com, ra.shrivastav...@gmail.com > Subject: FW: [Owasp-delhi] Tools for Web Server V A > <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline....@middle?> > > ----- Message from "Vinodh Kiran S" <vinodh.ki...@teaqtech.com> on Unknown > ----- > *To:* > <sureshtiw...@rediffmail.com> > *cc:* > <neelu.tripa...@tcs.com>, <ra.shrivastav...@gmail.com> > *Subject:* > FW: [Owasp-delhi] Tools for Web Server V A > Dear Suresh, > > In continuation of the below recommendations from Rahul and Neelu, I just > wanted to let you know that we represent Core Security (Providers of Core > Impact), here in India. The attached datasheet will give you a quick > overview. I would like to know your thoughts on this. Please do contact me > for any further assistance. > > Good Day! > > Regards, > > Vinodh Kiran S |Sr. Manager – ECM | Cell: +91 (0) 9900247424 > > > > * * > *Teaq Technologies Pvt. Ltd.* > #320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80) > 4161 2610 > > > > *From:* owasp-delhi-boun...@lists.owasp.org [ > mailto:owasp-delhi-boun...@lists.owasp.org<owasp-delhi-boun...@lists.owasp.org>] > *On Behalf Of *Neelu Tripathy* > Sent:* Wednesday, February 17, 2010 4:11 PM* > To:* suresh tiwary* > Cc:* owasp-delhi@lists.owasp.org; owasp-delhi-boun...@lists.owasp.org* > Subject:* Re: [Owasp-delhi] Tools for Web Server V A > > > Hi Suresh, > > Apart from what Rahul suggested, you can also for GFI Languard or Core > Impact (both proprietary). For a better hands-on and/or manual assessment, > try using Metasploit (Opensource), though that might be more on the PT side. > > > Regards, > Neelu Tripathy > Security Analyst, TEG > Tata Consultancy Services > Mailto: neelu.tripa...@tcs.com > > From: "suresh tiwary" <sureshtiw...@rediffmail.com> To: < > owasp-delhi@lists.owasp.org> Date: 02/17/2010 11:46 AM Subject: > [Owasp-delhi] > Tools for Web Server V A > Sent by: owasp-delhi-boun...@lists.owasp.org > > > > ------------------------------ > > > > > Issue: Tools for web server V A for IIS, Apache etc ? > > Dear OWASP Delhi, > > Can anyone provide complete and comprehensive information, sites of web > server vulnerability assessment by manual method and by automated tools. > > 1. What are the free tools / open source tools actually and > practically used for web serv V A ? > > 2. What are the commercial tools used for automated web server V A ? > > 3. How a manual web server v a is conducted ? Any checklist and the > practical process. > > 4. People can share their web server v a experience. > > Thanks & regards, > Suresh > > > > _______________________________________________ > Owasp-delhi mailing list > owasp-de...@lists.owasp.org* > **https://lists.owasp.org/mailman/listinfo/owasp-delhi*<https://lists.owasp.org/mailman/listinfo/owasp-delhi> > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > [attachment "CORE_IMPACT_Pro.pdf" deleted by Neelu Tripathy/TVM/TCS] > > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > > > _______________________________________________ > Owasp-delhi mailing list > Owasp-delhi@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-delhi > >
_______________________________________________ Owasp-delhi mailing list Owasp-delhi@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-delhi