Showing posts with label Tenable Nessus. Show all posts

Feb 22, 2021

Blindspot in Using CVSS for Vulnerability Prioritization

Just read the article about "Why You Need to Stop Using CVSS for Vulnerability Prioritization" from Tenable.

After using KennaSecurity, I learned that there is a vulnerability management blind spot if you are using CVSS for vulnerability prioritization.

A simple scenario here:

The vulnerability scanning tool discovers 2 CVEs on an external-facing host (Debian OS): CVE-2020-8617 (CVSS: 5) and CVE-2020-1472 (CVSS: 9).

Conclusion: Asset priority is very important and useful when doing vulnerability prioritization. Make sure your vulnerability management tool includes some form of asset prioritization.

Sep 3, 2010

Alternative Nessus Feeds

Found an old news item. I'm not sure if it is still updated or not.

The people at Alienvault.com have released an alternative Nessus feed; they have 3211 plugins in the feed now. They provide a lot of SCADA server plugins, which is interesting since the only plugins available for SCADA were paid. The plugins also work on OpenVAS.


Sep 2, 2010

Verify Nessus Feed Information

Today I found a way to verify my Tenable Nessus feed information.

root@bt:/opt/nessus/lib/nessus/plugins# cat plugin_feed_info.inc
PLUGIN_SET = "201008312334";
PLUGIN_FEED = "ProfessionalFeed (Direct)";

root@bt:/opt/nessus/lib/nessus/plugins#
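
The same check can be scripted so a stale feed is caught before a scan runs. The following is an added example, not part of the original post or Tenable's tooling: it parses the two fields shown above and reports the feed's age, assuming PLUGIN_SET is a YYYYMMDDHHMM timestamp; the function names and the 7-day threshold are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, mirroring the two fields shown in the post.
SAMPLE = '''PLUGIN_SET = "201008312334";
PLUGIN_FEED = "ProfessionalFeed (Direct)";
'''

# Matches lines of the form: NAME = "value";
_FIELD = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*;\s*$')

def parse_feed_info(text):
    """Return a dict of NAME -> value for each NAME = "value"; line."""
    fields = {}
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def feed_status(text, now, max_age_days=7):
    """Summarise feed type, plugin set time and staleness.

    Assumption: PLUGIN_SET is a YYYYMMDDHHMM timestamp.
    max_age_days is a hypothetical policy threshold, not a Nessus setting.
    """
    info = parse_feed_info(text)
    missing = [k for k in ("PLUGIN_SET", "PLUGIN_FEED") if k not in info]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    try:
        built = datetime.strptime(info["PLUGIN_SET"], "%Y%m%d%H%M")
    except ValueError:
        raise ValueError("PLUGIN_SET is not a YYYYMMDDHHMM timestamp")
    age = now - built
    return {
        "feed": info["PLUGIN_FEED"],
        "plugin_set": built,
        "age_days": age.days,
        "stale": age > timedelta(days=max_age_days),
    }

if __name__ == "__main__":
    # Constructed "now" on the post date, for a repeatable result.
    print(feed_status(SAMPLE, now=datetime(2010, 9, 2, 12, 0)))
```

In practice, read the text from plugin_feed_info.inc in the plugins directory and pass datetime.now() as the reference time.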