"Biswas, Proneet" <[EMAIL PROTECTED]> writes: > So does nessus first go and check whether the dependent scripts > or it first checks the kb items.
Nessus first runs the scripts, and then, if "optimize test" is set, checks if the KB items are here.

> Also how do we indicate risk levels in NASL. There is the concept of
> security hole and warning

And also security_note: this one is merely informative, e.g. the version of your OS or web server. Not a flaw by itself.
security_hole signals a real flaw, and security_warning a weakness or a minor misconfiguration (e.g. useless services), or an unconfirmed flaw (e.g. some versions of RPC programs are known to have flaws but are hard to check).

> but is there a way to quantify the risk factor.

A frequently asked question to which no satisfying answer was given, I am afraid :-\
The scale is not well defined. IIRC, you can find:

  None (for an information gathering plugin, for example)
  Minor
  Medium, Moderate
  High, Serious, Critical (you're dead :)
