Hi,
Does anyone know how many of the Sans top 20 Nessus can detect when run non-destructive and without domain credentials?
Thanks,
Paul
SANS Top 20 is pretty generic - you can just visually go through the list and make an educated guess as to what Nessus might be able to test, and if you know what you're doing, you'd likely be right.
You have to realize that to make it "simple", SANS says that running a DNS server puts you into a high risk category. They then elaborate by pointing out all the problems that have been reported with various DNS servers, by referencing CVE numbers
If you visit http://www.sans.org/top20/ you can see this in action.
Having said that, if you look at the link http://www.securityspace.com/smysecure/sans20_2002.html you will see that 17 of the "Top 20" are tested for with the Nessus test suite.
Thomas
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
