Monthly Archives: March 2018

OpenVAS Knowledge Base becomes smaller

On 23 January, Jan Oliver Wagner, leader of the OpenVAS project and Greenbone CEO, sent an email with the subject “Attic Cleanup”. In this message, he mentioned that some NASL plugins will soon be excluded from the public NVT / Greenbone Community Feed (GCF).

On the one hand, it seems logical. These old plugins are not often used, but can slow down the scanner. But in fact there will be fewer plugins in the public NVT feed. And the commercial Greenbone Security Feed (GSF) will not change. Not good. 😉

“However, we will keep those NVTs in the Greenbone Security Feed (GSF) for the reasons of policy and of service level agreement.”

I took the archives downloaded within a few months after the letter and analyzed which plugins were added and removed:

  • tar -xf community-nvt-feed-current.tar -C 230118/
  • tar -jxf community-nvt-feed-current-2.tar.bz2 --directory 150218/
  • tar -jxf community-nvt-feed-current-3.tar.bz2 --directory 230318/

OpenVAS Plugins Deleted from community feed

The overall number of plugins changed from 57502 to the current 53383.
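
One way to reproduce this comparison over the extracted snapshots, as an added example (not the author's script): it keys each plugin on the OID from its script_oid() call rather than on the file name, so a plugin that only moved between directories is not counted as removed and added. The function names and the sample OIDs and paths are constructed for illustration.

```python
import os
import re
import tempfile
# NASL plugins declare their identifier as script_oid("1.3.6.1.4.1.25623...").
OID_RE = re.compile(r'script_oid\s*\(\s*"([0-9.]+)"\s*\)')

def index_feed(root):
    """Map plugin OID -> path (relative to root) for every .nasl file."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.endswith(".nasl")):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, encoding="latin-1") as fh:  # latin-1 never fails to decode
                match = OID_RE.search(fh.read())
            # Files without an OID are keyed by path so they are still compared.
            index[match.group(1) if match else "path:" + rel] = rel
    return index

def diff_feeds(old_root, new_root):
    """Return (removed, added, moved) between two extracted feed snapshots."""
    old, new = index_feed(old_root), index_feed(new_root)
    removed = {oid: old[oid] for oid in old.keys() - new.keys()}
    added = {oid: new[oid] for oid in new.keys() - old.keys()}
    moved = {oid: (old[oid], new[oid])
             for oid in old.keys() & new.keys() if old[oid] != new[oid]}
    return removed, added, moved

def write_stubs(root, plugins):
    """Create constructed .nasl stubs from {relative path: OID}."""
    for rel, oid in plugins.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write('if(description)\n{\n  script_oid("%s");\n}\n' % oid)

def demo():
    """Diff two constructed snapshots standing in for 230118/ and 230318/."""
    base = "1.3.6.1.4.1.25623.1.0."  # constructed sample OIDs
    with tempfile.TemporaryDirectory() as old, tempfile.TemporaryDirectory() as new:
        write_stubs(old, {"a/attic.nasl": base + "1", "a/kept.nasl": base + "2",
                          "a/check.nasl": base + "3"})
        write_stubs(new, {"a/kept.nasl": base + "2", "b/check.nasl": base + "3",
                          "b/fresh.nasl": base + "4"})
        return diff_feeds(old, new)

if __name__ == "__main__":
    print(demo())
```

To run it on real data, call diff_feeds() with two of the extracted directories, for example 230118/ and 230318/.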


A few words about Gartner’s “Magic Quadrant for Application Security Testing” 2018

February and March are the hot months for marketing reports. I already wrote about IDC and Forrester reports about Vulnerability Management-related markets. And this Monday, March 19, Gartner released a new “Magic Quadrant for Application Security Testing”. You can buy it on the official website for $1,995.00 USD or download it for free from the vendors’ sites. For example, Synopsys or Positive Technologies. Thank you, dear vendors, for this opportunity!

I’m not an expert in Application Security. I am more in Device Vulnerability Assessment (IDC term) or Vulnerability Management. However, these fields are related. And well-known Vulnerability Management vendors often have products or functionality for Web Application scanning and Source Code analysis as well. Just see Qualys, Rapid7 and Positive Technologies in the picture!

Gartner AST MQ 2018

I have already mentioned in previous posts that grouping products in marketing niches is a rather mysterious process for me. For example, the Gartner AST niche is for SAST, DAST and IAST products:

  • SAST is for source code or binary analysis
  • DAST is basically black box scanning of deployed applications. It can also be called WAS (Web Application Scanning)
  • IAST is a kind of analysis that requires an agent in the test runtime environment. Imho, this thing is still pretty exotic.

As you can see, these are very different areas. But, the market is the same – AST.


My short review of “The Forrester Wave: Vulnerability Risk Management, Q1 2018”

Last week, March 14, Forrester presented a new report about the Vulnerability Risk Management (VRM) market. You can purchase it on the official site for $2495 USD or get a free reprint on the Rapid7 site. Thanks, Rapid7! I’ve read it and want to share my impressions.

Forrester VRM report 2018

I was most surprised by the leaders of the “wave”. Ok, Rapid7 and Qualys, but BeyondTrust and NopSec? That’s unusual. As well as seeing Tenable out of the leaders. 🙂

The second thing is the set of products. We can see there traditional Vulnerability Management/Scanners vendors, vendors that make offline analysis of configuration files and vendors who analyse imported raw vulnerability scan data. In other words, these are barely comparable products and vendors.


My short review of “IDC Worldwide Security and Vulnerability Management Market Shares 2016”

On February 12 IDC published a new report about the Security and Vulnerability Management market. You can buy it on the official website for $4500. Or you can simply download a free extract on the Qualys website (Thanks, Qualys!). I’ve read it and now I want to share my impressions.

IDC Worldwide Security and Vulnerability Management Market Shares 2016

I think it’s better to start reading this report from the end, from the “MARKET DEFINITION” section. First of all, IDC believes that there is a “Security and Vulnerability Management” (SVM) market. It consists of two separate “symbiotic markets”: security management and vulnerability assessment (VA).


Dealing with Nessus logs

Debugging Nessus scans is a very interesting topic. And it is not very well described even in the Tenable University course. It becomes especially interesting when you see strange network errors in the scan results. Let’s see how we can troubleshoot Nessus scans without sending Nessus DB files to Tenable (which is, of course, the default way 😉).

Nessus Logs

Default logging

Let’s see the default Nessus logs. I cleared the nessusd.messages log file to have only logs of the latest scan:

# echo "" > /opt/nessus/var/nessus/logs/nessusd.messages

and restarted Nessus:

# /bin/systemctl start nessusd.service

I scanned only one host (test-linux-host01, 192.168.56.12) with the Advanced scan profile. No default settings were set.

As you can see from the cpe report, it’s a typical Linux host with an ssh server:

typical Linux host with ssh

What’s in the logs?
