Vulnerability assessment for OS, XML, web services

Discussion in 'Computer Security' started by SAD, Sep 27, 2005.

  1. SAD

    SAD Guest

    This article discusses XML and web services vulnerabilities based on
    libraries, operating systems, databases, protocols and so on.

    Can anyone recommend a vulnerability assessment tool that works for a
    network with a mix of software and operating systems?
    SAD, Sep 27, 2005
    1. Advertisements

  2. SAD

    Winged Guest

    For general scanning ISS works fairly well for vulnerability assessment,
    there are a number of others however ISS has fewer false positives than
    others I have worked with. False positives even with ISS can be a pain
    in the petute as they too must be examined and ensure that the
    vulnerability does not exist. This is much harder than confirming the
    existence of a vulnerability. It looks for nix and winx vulnerabilities.

    ISS however does not detect issues with website construction.

    For that there are a number of tools however a good start to identify
    website application issues however a good start is a tool by Spi
    Dynamics called Web Inspect that will identify a number of exploitable
    issues with website security irrespective of hosting OS. Note ISS
    should also be run in conjunction with webinspect. Webinspect also may
    be run against NIX and Winx hosts.

    There are other tools that assist in examining other facets of network
    host vulnerability but these will get you 95% where you need to be on
    assessment of network vulnerabilities. Without knowing further the
    specific facets of what you wish an automated inspection of, I am
    limited by space as to recommendations.

    Winged, Sep 28, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.