Thanks for the feedbak.
-----Original Message-----
From: Michel Arboi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 14, 2003 4:26 PM
To: Biswas, Proneet
Cc: '[EMAIL PROTECTED]'
Subject: Re: Nessus Plugin dependecies
"Biswas, Proneet" <[EMAIL PROTECTED]> writes:
> So does nessus first go and check whether the dependent scripts
> or it first checks the kb items.
Nessus first runs the scripts, and then, if "optimize test" is set,
checks if the KB items are here.
> Also how do we indicate risk levels in NASL. There is the concept of
> security hole and warning
And also security_note: this one is merely informative.
e.g. the version of your OS or web server. Not a flaw by itself.
security_hole signals a real flaw, and security_warning a weakness or
a minor misconfiguration (e.g. useless services), or an unconfirmed
flaw (e.g. some versions of RPC programs are known to have flaws but
are hard to check)
> but is there a way to quantify the risk factor.
A frequently asked question to which no satisfying answer was given,
I am afraid :-\
The scale is not well defined. IIRC, you can find :
None (for an information gathering plugin, for example)
Minor
Medium, Moderate
High, Serious,
Critical (you're dead :)
