Tenable Blog

Web application testing with automated scanners can be tricky business. While testing various target web servers, I found that some targets seemed to finish in a relatively short period, while others took days - or never seemed to complete at all. This occurred despite the fact that I often used identical test settings and relatively conservative scan settings for the different targets.

While troubleshooting this apparent disparity, I came across a useful plugin that helped me see a little of what was going on in the background. The plugin is Nessus Plugin ID 33817 “Web Application Tests : Load Estimation”.

Welcome to the Tenable Network Security Podcast - Episode 43

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Announcements

• Several new blog posts have been published this week, including:
  • Tenable Reaches 100th Employee
  • Detecting ALL of Your Websites Passively and Continuously
  • Unlimited Discovery Scanning with SecurityCenter and Nessus
  • Microsoft Patch Tuesday Roundup - July 2010 - "Jedi Mind Trick Edition"
  • Detecting Recurring Vulnerabilities

For the past several months, Tenable Network Security has been creating and filling new positions within the company. As we continue to grow, Tenable has been steadily working to improve Nessus and its line of Enterprise products, and we have recently added our 100^th employee to our roster… but we’re not done yet. Tenable currently has nine open positions listed on our Careers page, including career opportunities in Development, Engineering, Training and Sales.

Among the positions listed is a “Digital/Web Strategy Coordinator”, which is designed to develop and maintain Tenable’s customer-facing websites. The ideal candidate for this position will have a unique blend of technical and marketing skills, excellent communication skills and the ability to work on multiple strategic projects simultaneously. This position reports to the Director of Marketing and will work closely with our Sales, Development and Content groups to improve our existing online presence and complete new online projects.

Tenable’s Director of Marketing, Susan Corbin, says, "This position is a great opportunity for someone who enjoys taking an idea or concept, formulating a marketing strategy around that concept, and then working the project through to completion. It is a very hands-on role with a lot of room for learning and growth potential, which is perfect for someone who wants to get some real-world marketing experience under their belt”.

Which Vulnerabilities Are You Looking For?

When Microsoft releases their patches each month, I find it interesting to review the criticality of each vulnerability. Microsoft has, in their typical fashion, used some very interesting wording to describe the latest batch of vulnerabilities. When reading each security bulletin, I try to imagine the worst-case scenario and look at the glass as half empty. Microsoft seems to paint a picture and believes the glass to be half full by using phrases such as:

In MS10-042: "The vulnerability cannot be exploited automatically through e-mail." - I believe what they are stating here is that the user can't just open up an email to have the exploit trigger. Instead, the user has to either open an attachment or click on a link. I can tell you from first-hand experience that it’s not difficult to get someone to click on a link. Typically, you just need to tell them that they've qualified for a free iPad. Getting the user to open an attachment is a little bit trickier, and usually requires more research about the target audience and/or organization. However, this does not mean the attack can't scale to trick thousands of people, as did an email appearing to come from the World Cup with an Excel document attached. The Excel document posed as a schedule for the World Cup, but really contained malware that attempted to infect the end-user's computer.

Welcome to the Tenable Network Security Podcast - Episode 42

You may even find an answer to the ultimate question of life, the universe and everything in this very episode!

Hosts: Paul Asadoorian, Product Evangelist

Announcements

• Several new blog posts have been published this week, including:
  • Tenable at Black Hat USA 2010!
  • Research Spotlight: Oracle Patch Auditing
  • Nessus and the Fight against Viruses
• New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
  
• Be certain to check out our video channel on YouTube that contains the latest Nessus tutorials.


• We're hiring! - Visit the web site for more information about open positions. There are currently 9 open positions listed, including a Digital/Web Strategy Coordinator.


• You can subscribe to the Tenable Network Security Podcast on iTunes!


• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!