nessus – Page 4 – WindowsTechs.com

Patching session fixation issue on Apache server

Posted on February 4, 2020 by Darin Beaudreau

I recently ran a Nessus scan on my network, and one of the issues that it revealed is a possible avenue for cookie injection (session fixation) through Javascript. The related Nessus issue can be found here:

https://www.tenable.com/plugin… Continue reading Patching session fixation issue on Apache server→

Nessus detect more open ports than nmap

Posted on January 25, 2020 by kyo

I scan my site via namp , I only see 3 ports open.

nmap -sV {ip}
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-25 09:42 EST
Nmap scan r… Continue reading Nessus detect more open ports than nmap→

How would you perform a Security Audit of a Meraki Firewall?

Posted on October 6, 2019 by Simon Davies

Are you able to perform an Offline Configuration Security Audit of a Meraki Firewall with Nessus Professional?

See: https://www.tenable.com/blog/auditing-more-network-devices-offline-with-nessus

Continue reading How would you perform a Security Audit of a Meraki Firewall?→

What are the benefits of using Nessus in addition to Azure Security Center?

Posted on August 20, 2019 by Stephen

Are there any benefits to using vulnerability scanners such as Nessus Pro or Tenable.io, if we are already using Azure Security Center for vulnerability and update management?

Or does it have any negative effects to do so?

… Continue reading What are the benefits of using Nessus in addition to Azure Security Center?→

Identifying Share Permission and File Permission on Hundreds of Servers

Posted on July 19, 2019 by Shakir

Objective

Identify and report on Windows hosts in the network which allow file/folder access (READ/WRITE/Execute) for Everyone.

Scenario:

Using agent based scanner, I extracted share permissions from 100 Windows 2012 Serv… Continue reading Identifying Share Permission and File Permission on Hundreds of Servers→

RHEL7 SSGv0.1 2.2.3 Unauthorized SUID/GUID executables

Posted on June 24, 2019 by Scottie H

We are upgrading to RHEL 7.6. My Nessus scanner is giving me the following message:
2.2.3.c-d Mandatory Review Required: Find unauthorized SUID/GUID System Executables
RHEL7 SSGv0.1 2.2.3 Unauthorized SUID/GUID executables
/u… Continue reading RHEL7 SSGv0.1 2.2.3 Unauthorized SUID/GUID executables→

Nmap scanner after a credential scan or before credential scan?

Posted on April 24, 2019 by ibrahim

i’m developing a vulnerability management process, one phase of it is to validate scanner tools data. at the moment I’m doing automated discovery scan using Nessus (hosted in a server not accessible for user Lan) followed by … Continue reading Nmap scanner after a credential scan or before credential scan?→

Rationale for removing cronie-anacron

Posted on April 9, 2019 by Scottie H

My Nessus scanner reports that I need to remove cronie-anacron. What is the rationale for this?

Continue reading Rationale for removing cronie-anacron→

How to check if a list of domains contains any WordPress installation?

Posted on January 30, 2019 by chrysst

Does any software or any other way to detect if a website contains any WordPress installation?

For example lets say we have the website example.com which is not a WordPress site, but we have a WordPress site in the path exam… Continue reading How to check if a list of domains contains any WordPress installation?→

vulnerability scans on machines not on the network?

Posted on January 9, 2019 by mks5251

Is it possible to scan laptops of users who are not on your network (e.g., consultants) before giving them access to resources?
Can you also explain the reasoning behind why/why not?

Continue reading vulnerability scans on machines not on the network?→