In earlier parts of the Nessus 3 Tutorial, topics included how to install and configure Nessus, and how to run a basic security scan. Up until this point, however, signatures have come from the large database provided by Tenable Network Security’s subscription feed. The signatures are definitely a great source of up-to-date vulnerability information, and they provide protection against most threats known to exist in the wild. There’s one scenario, however, that isn’t addressed by the database approach: custom applications that have been written within your own organization and have known vulnerabilities.

Read the full article: Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities

Published in SearchSecurity on 07/01/08