
Mailing List Archive: Nessus: plugins
Extending the generic web application vulnerability checks
 



10109 at live

Mar 9, 2009, 7:47 AM



Hello all,

I am currently investigating the possibilities of Nessus with regard to testing web applications for generic vulnerabilities. My goal is to extend Nessus with additional generic web application vulnerability checks.

Currently I have only found two plug-ins (torturecgis.nasl and sql_injection.nasl) which check a web application for XSS, SQL injection, OS commanding and path traversal.

As the torturecgis.nasl script already states, it's far from complete. The sql_injection.nasl script is more mature.

I have the following questions:
1. Are there more generic web application vulnerability checks that I missed?
2. What is the development roadmap for these kinds of checks?
3. Are new generic plug-ins currently in development?
4. Are there plans to extend torturecgis.nasl?
5. Why isn't there a good set of plug-ins for these kinds of checks?

In comparison with other (generic) web application vulnerability scanners, there is a lot of improvement to achieve.

With regards,

Piet Haanstra

