Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Nessus Scoring System

from [mike . sleeper] Network Security [Permanent Link]
Subject: Re: Nessus Scoring System
Date: Thu, 06 Apr 2006 14:13:43 -0400 
It would seem to me that you could grep the results and look for the "CVSS 
Base Score : "

A summation of the findings should give you a picture such that the lower 
your score, the better your performance.

A more accurate representation might be to incorporate a fixed or sliding 
multiplier so that a system with a few highs reports a much higher score 
than a host with a multitude of lows.


----------------------------------------------------
Mike Sleeper    CISSP, CCSE, CCFS
  Computer & Information Security
----------------------------------------------------

************* DISCLAIMER ***********************************
The above comments are my own and do not 
necessarily represent those of my employer or 
contractor.  Any information or advice provided by 
me shall be given under the "caveat emptor" principal.
*****************************************************************



"mudyo26 CryptoMail User " <mudyo26@cryptomail.org> 
Sent by: nessus-bounces@list.nessus.org
04/06/2006 01:55 PM

To
Nessus@list.nessus.org, nessus-bounces@list.nessus.org
cc

Subject
Nessus Scoring System








Is there any Scoring system / Risk Score based on Nessus output ?
What if an organization does scanning every day and want to know how the
"security score" is increasing or decreasing based on vulnerabilities 
found(not found).

I read one posting by Renaud in early 2005 in Nessus lists that it is 
being worked upon.




!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
CryptoMail provides free end-to-end message encryption. 
http://www.cryptomail.org/   Ensure your right to privacy.
Traditional email messages are not secure.  They are sent as
clear-text and thus are readable by anyone with the motivation
to acquire a copy.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Nessus Scoring System, mudyo26 CryptoMail User
Next by Date:  RE: NeWT Question: NeWT hangs at 98/99%, Deeds, Chad
Previous by Thread:  Nessus Scoring System, mudyo26 CryptoMail User
Next by Thread:  Re: Nessus Scoring System, Ron Gula
Indexes:  [Date] [Thread] [Top] [All Lists]