There are two different approaches to web application testing.

The first is part of a larger so-called "blind" test, where you are given a range of IP addresses and asked to test the devices and systems within those ranges. The web applications running within this space will usually be tested generically, but a general scan may not specifically test for web vulnerabilities. You need to first find and enumerate which web applications are running, and then run targeted scans that specifically look for web vulnerabilities.

The second form of testing is when you are given the URL, and typically credentials, for a web application and asked to test it specifically.

Nessus can help with both of these tasks and provide valuable information that will help with your testing. Nessus provides some of the first steps in web application testing, such as identifying the web server software and technologies, detecting vulnerabilities in common/popular web application software, and rudimentary CGI application testing. This post focuses on using Nessus for network-based testing, and describes several compliance-based checks that provide very thorough testing of web application environments, including scans that test against the OWASP PHP security specifications and the Apache CIS Benchmarks.

To create a realistic testing environment, our target was set up to run Mutillidae version 1.2, a PHP application written to be deliberately vulnerable. Mutillidae was written by "Irongeek" and contains vulnerabilities that map specifically to the OWASP Top Ten list, including SQL injection, cross-site scripting (XSS) and information disclosure.

When tuning Nessus for web application testing, you can select only the plugin families that are relevant to your test. This saves time and makes for a more efficient scan.
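The "find and enumerate, then scan with only the relevant plugin families" workflow above can be driven from the .nessus report of the first, generic scan. The following is an added example written for this page, not code from the original post or from Tenable: it parses a constructed .nessus (v2) fragment, lists every host:port that Nessus tagged as an HTTP-type service (the targets for the follow-up web scan), and then pulls only the findings that came from the web plugin families. The sample XML, its hosts, banner and plugin output are all made up for the example; the family names "Web Servers", "CGI abuses" and "CGI abuses : XSS" are real Nessus families, while the set of svc_name values and the banner-output format are assumptions noted in the comments.

```python
import xml.etree.ElementTree as ET

# Nessus plugin families that carry the web-specific checks. Enabling only
# these (plus the generic service/discovery plugins) is the tuning the post
# describes for the second, targeted scan.
WEB_PLUGIN_FAMILIES = {"Web Servers", "CGI abuses", "CGI abuses : XSS"}

# svc_name values treated as HTTP-type services. Assumption: extend this set
# if your reports tag web services differently.
WEB_SERVICE_NAMES = {"www", "http", "https", "http_proxy"}

# Constructed .nessus (v2) fragment, not real scanner output: host .10 exposes
# SSH plus an HTTP service with a server banner and one XSS finding, host .20
# exposes only SSH.
SAMPLE_NESSUS = """<NessusClientData_v2>
<Report name="blind range scan">
<ReportHost name="192.168.1.10">
  <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
              pluginID="22964" pluginName="Service Detection"
              pluginFamily="Service detection"/>
  <ReportItem port="80" svc_name="www" protocol="tcp" severity="0"
              pluginID="22964" pluginName="Service Detection"
              pluginFamily="Service detection"/>
  <ReportItem port="80" svc_name="www" protocol="tcp" severity="0"
              pluginID="10107" pluginName="HTTP Server Type and Version"
              pluginFamily="Web Servers">
    <plugin_output>The remote web server type is : Apache/2.2.11 (Unix) PHP/5.2.9</plugin_output>
  </ReportItem>
  <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
              pluginID="39466" pluginName="CGI Generic Cross-Site Scripting (quick test)"
              pluginFamily="CGI abuses : XSS">
    <plugin_output>The 'page' parameter reflects the injected script unencoded.</plugin_output>
  </ReportItem>
</ReportHost>
<ReportHost name="192.168.1.20">
  <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
              pluginID="22964" pluginName="Service Detection"
              pluginFamily="Service detection"/>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


def enumerate_web_services(nessus_xml):
    """Return {(host, port): server_banner_or_None} for every HTTP-type service.

    This is the 'find and enumerate' step of a blind test: the generic scan
    tells you where web applications live before you aim web checks at them.
    """
    root = ET.fromstring(nessus_xml)
    services = {}
    for host in root.iter("ReportHost"):
        name = host.get("name")
        for item in host.findall("ReportItem"):
            if item.get("svc_name") not in WEB_SERVICE_NAMES:
                continue
            key = (name, int(item.get("port")))
            services.setdefault(key, None)
            # Assumption: the banner plugin's output has the shape
            # "The remote web server type is : <banner>", as in the sample.
            if item.get("pluginName") == "HTTP Server Type and Version":
                output = item.findtext("plugin_output", "")
                services[key] = output.split(":", 1)[-1].strip() or None
    return services


def targeted_scan_targets(nessus_xml):
    """Build the sorted host:port list for the follow-up, web-only scan."""
    return sorted(f"{host}:{port}" for host, port in enumerate_web_services(nessus_xml))


def web_findings(nessus_xml, min_severity=1):
    """Keep only findings from the web plugin families at or above min_severity.

    Nessus severity 0 is informational; 1 and above are actual findings.
    """
    root = ET.fromstring(nessus_xml)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            if item.get("pluginFamily") not in WEB_PLUGIN_FAMILIES:
                continue
            severity = int(item.get("severity", "0"))
            if severity < min_severity:
                continue
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "family": item.get("pluginFamily"),
                "plugin": item.get("pluginName"),
                "severity": severity,
                "output": (item.findtext("plugin_output") or "").strip(),
            })
    return findings


if __name__ == "__main__":
    banners = enumerate_web_services(SAMPLE_NESSUS)
    for target in targeted_scan_targets(SAMPLE_NESSUS):
        host, port = target.rsplit(":", 1)
        print("web target:", target, "->", banners[(host, int(port))])
    for finding in web_findings(SAMPLE_NESSUS):
        print(f"[{finding['family']}] {finding['host']}:{finding['port']} "
              f"sev={finding['severity']} {finding['plugin']}")
```

Run against a real exported .nessus file, `targeted_scan_targets` gives you the list to feed into the second scan, and `web_findings` on that second scan's export strips out everything that did not come from the web families, which is the quickest way to see whether the tuned plugin selection actually exercised the application.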
You can read more about this topic in The Nessus Port Scanning Engine: An Inside Look, and Web Application Scanning with Nessus.