Re: nessus exceptions

From: Andres Riancho (andresit@fibertel.com.ar)
Date: Tue Aug 03 2004 - 22:24:47 EDT


Chris,
    It depends on the type of scan your company pays for, but if you want and
are careful with what you do, you could put one or two unchecked inputs
on your webpage in order to get some kind of XSS/SQL Injection. These kinds of
tests aren't checked (by default with default plugins) by nessus.
    If you are looking for something more like a buffer overflow, I suggest
you don't put any service online with this kind of flaw, because your
testing company could not find them with nessus or the scanner they use but
a skilled cracker/hacker/whatever could. Maybe you could put some daemon
from the honeypot project [www.honeypots.net] to listen on some host that
is scanned but ain't really important. But once again... production servers
are not a good place to test this.

Andres Riancho

----- Original Message -----
From: "Chris Griffin" <cgriffin@dcmindiana.com>
To: <pen-test@securityfocus.com>
Sent: Monday, August 02, 2004 3:58 PM
Subject: nessus exceptions

> Hi list,
> I'm trying to find some good holes, that aren't major security issues,
> that I can create on a machine to see if our testing company really
> uses anything other than nessus.
