jetlib.sec » Penetration Testing » Vulnerability scanning routines - what is overkill.

Feeds

133326 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Penetration Testing

• August 26, 2011
• 

  Vulnerability scanning routines - what is overkill.

  Posted: August 26th, 2011, 9:33pm PDT

  Tags:   

  Posted by cribbar on Aug 26

  There was some debate the other day in our office (not tech IT myself) about
  what percentage of the infrastructure vulnerabilities in the nessus
  repository are taken out the equation if you have a thorough patch
  management policy for the infrastructure AND you scan the system before its
  brought into operation?
  
  What’s your view? What % of nessus vulns are addressed by scanning after
  build process and addressing the problems, and then applying...