hi All, A site which can assist:
http://www.vulnerabilityscanning.com/Web-Servers-Security.htm regards, satyajit On 2/19/10, Neelu Tripathy <[email protected]> wrote: > > > Hi , > > Yes, NESSUS can be used for web server VA. It is recommended to use > the professional feeds, though. Besides you can fine tune your tests for IIS > in NESSUS. > > > Regards, > Neelu Tripathy > Security Analyst, TEG > Tata Consultancy Services > Mailto: [email protected] > Website: http://www.tcs.com > ____________________________________________ > Experience certainty. IT Services > Business Solutions > Outsourcing > ____________________________________________ > > > From: "suresh tiwary" <[email protected]> To: < > [email protected]> Cc: <[email protected]>, < > [email protected]>, <[email protected]>, < > [email protected]> Date: 02/18/2010 05:50 PM Subject: [Owasp-delhi] > Tools for Web Server V A > ------------------------------ > > > > Dear OWASP Delhi, > > Thank you all for the good information. but i am still confused whether > "NESSUS" is a web server vulnerability assessment tool or a Network > Assessment tool. > > Please suggest. > > The situation is: I have to perform the V.A of IIS using a tool. So how do > I start, Use NESSES and proceed or use any commercial tool. If commercial > tool, then which is the widely accepted commercial tool. A organization cant > have multiple commerical tool, so suggest A few commercial tools that can > perform web server V.A. > > Also any checklist for IIS V.A ? > > Thanks & regards, > Suresh > > Note: Forwarded message attached > > -- Original Message -- > > From: "Vinodh Kiran S" [email protected] > To: [email protected] > Cc: [email protected], [email protected] > Subject: FW: [Owasp-delhi] Tools for Web Server V A > <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline....@middle?> > > ----- Message from "Vinodh Kiran S" <[email protected]> on Unknown > ----- > *To:* > <[email protected]> > *cc:* > <[email protected]>, <[email protected]> > *Subject:* > FW: [Owasp-delhi] Tools for Web Server V A > Dear Suresh, > > In continuation of the below recommendations from Rahul and Neelu, I just > wanted to let you know that we represent Core Security (Providers of Core > Impact), here in India. The attached datasheet will give you a quick > overview. I would like to know your thoughts on this. Please do contact me > for any further assistance. > > Good Day! > > Regards, > > Vinodh Kiran S |Sr. Manager – ECM | Cell: +91 (0) 9900247424 > > > > * * > *Teaq Technologies Pvt. Ltd.* > #320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80) > 4161 2610 > > > > *From:* [email protected] [ > mailto:[email protected]<[email protected]>] > *On Behalf Of *Neelu Tripathy* > Sent:* Wednesday, February 17, 2010 4:11 PM* > To:* suresh tiwary* > Cc:* [email protected]; [email protected]* > Subject:* Re: [Owasp-delhi] Tools for Web Server V A > > > Hi Suresh, > > Apart from what Rahul suggested, you can also for GFI Languard or Core > Impact (both proprietary). For a better hands-on and/or manual assessment, > try using Metasploit (Opensource), though that might be more on the PT side. > > > Regards, > Neelu Tripathy > Security Analyst, TEG > Tata Consultancy Services > Mailto: [email protected] > > From: "suresh tiwary" <[email protected]> To: < > [email protected]> Date: 02/17/2010 11:46 AM Subject: > [Owasp-delhi] > Tools for Web Server V A > Sent by: [email protected] > > > > ------------------------------ > > > > > Issue: Tools for web server V A for IIS, Apache etc ? > > Dear OWASP Delhi, > > Can anyone provide complete and comprehensive information, sites of web > server vulnerability assessment by manual method and by automated tools. > > 1. What are the free tools / open source tools actually and > practically used for web serv V A ? > > 2. What are the commercial tools used for automated web server V A ? > > 3. How a manual web server v a is conducted ? Any checklist and the > practical process. > > 4. People can share their web server v a experience. > > Thanks & regards, > Suresh > > > > _______________________________________________ > Owasp-delhi mailing list > [email protected]* > **https://lists.owasp.org/mailman/listinfo/owasp-delhi*<https://lists.owasp.org/mailman/listinfo/owasp-delhi> > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > [attachment "CORE_IMPACT_Pro.pdf" deleted by Neelu Tripathy/TVM/TCS] > > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > > > _______________________________________________ > Owasp-delhi mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-delhi > >
_______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi
