Collaborate Disseminate
This is my first time running a vulnerability scan software like OpenVas. It is really a great tool to found out about vulnerabilities in the network.
I have found difficult to troubleshoot the vulnerabilities related to weak… Continue reading OpenVas remediation cipher suites
This is my first time running a vulnerability scan software like OpenVas. It is really a great tool to found out about vulnerabilities in the network.
I have found difficult to troubleshoot the vulnerabilities related to weak… Continue reading OpenVas remediation cipher suites
I recently ran the 1st vulnerability scan in my offices network using OpenVAS.
We received a great deal of false positives.
Mostly I saw that (at least some) tests are unaware of internal patches in a system.
For example we… Continue reading False positives in OpenVAS
There are several Linux servers accessible through public IP addresses running web applications. I want to scan these servers from a different computer (headless) using a scanning tool by giving their IP addresses and discove… Continue reading OpenVAS vs OWASP ZAP for vulnerability scanning
Just installed a new server and I noticed that despite the scan is giving the correct results, the vulnerabilities names are not displayed. They are replaced by the OID associated. However by clicking on the details, the righ… Continue reading OpenVAS displaying OID instead of vulnerabilities names [on hold]
Does OpenVAS make use of a Vulnerability Database to detect vulnerabilities?
Which one does it use if it does?
Does OpenVAS make use of a Vulnerability Database to detect vulnerabilities?
Which one does it use if it does?
I have recently set up OpenVAS on my local office network. I have run a few tasks but I was curious on what tasks I should really be running and within what timeframes?
clarification
I’m currently going through Cyber Essen… Continue reading What OpenVAS tasks (scans) should I be running?
In every normal scanner I used so far, there was an easy option to control the user-agent field sent in HTTP requests.
I’m new with OpenVAS, and I can’t find a way to do this, so: please tell how to spoof the user-agent in O… Continue reading Spoofing user-agent in openvas
I am working on a way to classify our systems (everything that is reacheable through ip) on how bad it would be and how possible it is, that someone would get unauthorized access using exploits.
I do this to determine how deep and how often I am going to check them with vulnaribility scanners like OpenVAS.
So far I have the following criteria:
I would appreciate if someone has a point or two to add or if theres already a standard for classifying systems that way.