Vulnerability assessment for OS, XML, web services

Discussion in 'Computer Security' started by SAD, Sep 27, 2005.

  1. SAD

    SAD Guest

    This article discusses XML and web services vulnerabilities based on
    libraries, operating systems, databases, protocols and so on.

    http://www.webservicessummit.com/Vulnerabilities.htm

    Can anyone recommend a vulnerability assessment tool that works for a
    network with a mix of software and operating systems?
    SAD, Sep 27, 2005
    #1
    1. Advertising

  2. SAD

    Winged Guest

    SAD wrote:
    > This article discusses XML and web services vulnerabilities based on
    > libraries, operating systems, databases, protocols and so on.
    >
    > http://www.webservicessummit.com/Vulnerabilities.htm
    >
    > Can anyone recommend a vulnerability assessment tool that works for a
    > network with a mix of software and operating systems?
    >


    For general scanning ISS works fairly well for vulnerability assessment,
    there are a number of others however ISS has fewer false positives than
    others I have worked with. False positives even with ISS can be a pain
    in the petute as they too must be examined and ensure that the
    vulnerability does not exist. This is much harder than confirming the
    existence of a vulnerability. It looks for nix and winx vulnerabilities.

    http://www.iss.net/


    ISS however does not detect issues with website construction.

    For that there are a number of tools however a good start to identify
    website application issues however a good start is a tool by Spi
    Dynamics called Web Inspect that will identify a number of exploitable
    issues with website security irrespective of hosting OS. Note ISS
    should also be run in conjunction with webinspect. Webinspect also may
    be run against NIX and Winx hosts.

    http://www.spidynamics.com/

    There are other tools that assist in examining other facets of network
    host vulnerability but these will get you 95% where you need to be on
    assessment of network vulnerabilities. Without knowing further the
    specific facets of what you wish an automated inspection of, I am
    limited by space as to recommendations.



    Winged
    Winged, Sep 28, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Greg
    Replies:
    1
    Views:
    643
    The Poster Formerly Known as Kline Sphere
    Jul 17, 2004
  2. Greg
    Replies:
    31
    Views:
    1,330
  3. Cosmic Cruizer

    Windows vulnerability assessment tools

    Cosmic Cruizer, Feb 18, 2004, in forum: Computer Security
    Replies:
    3
    Views:
    1,382
    Cosmic Cruizer
    Feb 19, 2004
  4. Sherman H.

    Vulnerability Assessment

    Sherman H., Jul 21, 2004, in forum: Computer Security
    Replies:
    2
    Views:
    372
  5. Giuen
    Replies:
    0
    Views:
    742
    Giuen
    Sep 12, 2008
Loading...

Share This Page