It is important to understand while reading this that I am not an ASM SME. The goal was to create a simple conversion of the Nessus Vulnerability Scan reports to import into ASM.

The first step was figuring out what the scan results needed to look like. So I exported the generic schema from ASM (13.0), which translates to:

That seems pretty simple, but that's a lot of attack types to map to some logic, so for now I will leave it generic.

The next step is to get a vulnerability scan of a vulnerable web application. I won't go into how to use Nessus here, but one of the export options is a ".nessus" which is just an XML file. There is actually too much data in this file, but you can leave it as is. If you want to read it you can remove the sections because all we want are the Reports.

For this test, I ran a scan against , which is an unsecured app available to the internet. Don't do this from AWS or someone will come looking for you, ask me how I know.

Some generic CGI tests ran out of time during the scan. Consider increasing the 'maximum run time (minutes)' preference for the 'Web Applications Settings' in order to prevent the CGI scanning from timing out. Test more that one parameter at a time per form : The results may be incomplete. 'Test all combinations of parameters' is much slower than 'Test random pairs of parameters' or 'Test all pairs of parameters (slow)'. 'Stop after one flaw is found per web server (fastest)' under 'Do not stop after the first flaw is found per web page' is quicker than 'Look for all flaws (slowest)'. In the Settings/Advanced menu, try reducing the value for 'Max number of concurrent TCP sessions per host' or 'Max simultaneous checks per host'. The following tests timed out without finding any flaw : Some generic CGI attacks ran out of time.

Some of this will be a mess, but we can take a stab at it. There are some tools to help, online, I used to have one for Windows but I don't remember what it's called, but I have a Mac now, so.

So how to tie it all together?

```
xsltproc ASM_Nessus.xsl Nessus_Scan.xml > ASM_Import.xml
```
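The post notes that a ".nessus" export is plain XML and that only the Reports matter for the conversion. As an added example (not the author's code and not the ASM_Nessus.xsl stylesheet), this Python sketch trims an export down to its Report sections and flattens the findings a stylesheet would have to map. The sample document, host name, plugin IDs and plugin names are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus v2 layout; every value here is made up.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Policy><policyName>constructed-policy</policyName></Policy>
  <Report name="constructed-scan">
    <ReportHost name="app.example.test">
      <HostProperties><tag name="host-ip">192.0.2.10</tag></HostProperties>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="0"
                  pluginID="900001" pluginName="Constructed timeout notice">
        <plugin_output>Some generic CGI tests ran out of time.</plugin_output>
      </ReportItem>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
                  pluginID="900002" pluginName="Constructed injection finding">
        <plugin_output>/search.php?q=</plugin_output>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

def reports_only(nessus_xml: str) -> ET.Element:
    """Parse an export and drop every top-level section except Report."""
    # Scan output carries target-controlled strings, so treat it as untrusted:
    # a .nessus export has no reason to declare a DTD or entities.
    if "<!DOCTYPE" in nessus_xml:
        raise ValueError("DOCTYPE not expected in a .nessus export")
    root = ET.fromstring(nessus_xml)
    for child in list(root):
        if child.tag != "Report":
            root.remove(child)
    return root

def findings(root: ET.Element, min_severity: int = 1) -> list:
    """Flatten ReportItem elements (severity 0=info .. 4=critical) to rows."""
    rows = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            severity = int(item.get("severity", "0"))
            if severity >= min_severity:
                rows.append({"host": host.get("name"),
                             "port": int(item.get("port", "0")),
                             "plugin_id": item.get("pluginID"),
                             "name": item.get("pluginName"),
                             "severity": severity,
                             "output": (item.findtext("plugin_output") or "").strip()})
    return rows

if __name__ == "__main__":
    for row in findings(reports_only(SAMPLE_NESSUS)):
        print(row)
```

Raising `min_severity` above 0 keeps informational items such as scan timeout notices out of the import, which is usually what you want when the target is a WAF policy.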